[saml-dev] RE: [security-services] Points to Make to the Press Aboutthe Int erop (and SAML generally )

["Mishra, Prateek" <pmishra@netegrity.com>]

Title: RE: [security-services] Points to Make to the Press About the Int erop (and SAML generally )

 

If we can come to agreement on which general points are important, we can certainly improve how they are explained.

[Prateek Mishra] 

Agreed, I will take your starting points and work to generate some text around them.

 >somewhere we need to work in the narrative we have used in the interOp document and
>demonstration.

I am not sure specifically what you are referring to. Can you cite a document section?
[Prateek Mishra] 

 

The interOp document describes a set of flows and uses a set of terms to explain them. We need to

get these terms in front of the press so that they have something concrete they can connect to. The latest
version of the interOp document is:

http://lists.oasis-open.org/archives/saml-dev/200206/msg00209.html 

>Most press people actually have only a modest idea what the concept of federation
>actually means in
>a practical way. I will add some slides to the current presentation so as to illustrate
>the concept in some detail.

Actually my point on Federated Identity is not actually a part of the demonstration, since for any given session, there is only one Attribute Authority.
[Prateek Mishra]

I disagree. There are two authorities involved in the flow --- the "portal" and the "content site"
and the session is determined by a collaboration bewteen these two.  I would strongly argue that this
is an example of federation between the two parties.

 The point I was trying to make, put in baldest terms is this: Microsoft proposed that everybody give them all their information which they would in one place and thus make it much more convenient to use the Internet. The world rejected this approach for a variety of reasons and not just because it was Microsoft. It is now largely agreed that it is neither desirable nor necessary to move all user information to one spot, if there is a technical means to communicate that information to interested parties. SAML provides that means and has encompassed this idea in its Domain Model since the very beginning.
[Prateek Mishra] 

Hal, this is all excellent stuff but it primarily makes sense to security architects not to press people. I want to be very clear that I view your comments as very important but I also to want to make sure that the precise flows illustrated in the demos are
drilled into the minds of the press people.

The way I describe this in public is that today, my doctor knows certain things about me, my broker knows other things about me and my mechanic knows still other things about me. Each of them is the best person to hold that information and make sure it is kept up to date. There is no need to drag all that information to a central point and then try to somehow keep it accurate. The only reason for doing that (other than business advantages to the keeper of the repository) would be if it were the only way to make use of that information. However, with SAML we have the means to distribute the information from those who maintain it to those who need it.

>In addition, I think that some of these details also need to be added to this document, >which I presume will actually
>be handed out to the press. Is that correct? We have earlier discussed on the list the
>need for a "one page" document
>which will be handed out to the press and the participants before/after the demo. I
>assume your outline is a first
>step in that direction.

Not really, I was just trying to express what I see as key points that I would like to see a reporter use as the "lead" for a story about the event. If we don't give them a "lead" they will come up with their own. The one they came up with so far is "SAML vs. WS-Security" which is not one we want to continue.
[Prateek Mishra] 

OK, I got it. We will make sure we get Marc's draft out this week. I will also respond to your proposed
interOp slides with additional material that ties it in to the demonstration. 

Hal

- prateek