OASIS Mailing List Archives

security-conform message



Subject: RE: Conformance documents - Outline


hi Lynne -
 
if you could put together the docs you mention and send them along, that would be great. I've been working from a couple of the things from the OASIS conformance subgroup and the NIST site, but would certainly appreciate anything else as input!
 
i'll be putting out a draft by end-of-day Wednesday at the latest, so that we can look at it and the Conformance Clause in our concall on Friday.
 
regards,
 
bob
-----Original Message-----
From: Lynne Rosenthal [mailto:lynne.rosenthal@nist.gov]
Sent: Friday, May 25, 2001 2:45 PM
To: Krishna Sankar; Robert Griffin; security-conform@lists.oasis-open.org
Cc: eve.maler@east.sun.com; myers@coastside.net; MChanliau@netegrity.com; tony@vordel.com; charles.j.norwood@saic.com; skall@nist.gov
Subject: Re: Conformance documents - Outline

Krishna, et al.

The Conformance Clause document looks like a good start.  I have one specific suggestion - and that is not to use the term "Certification" in the title of Section 2.  Typically, Certification means there is a formal testing program in which a certificate (brand) will be issued.  I don't think that is what is meant here.

My other comments are via the attached file.  It contains suggested text for inclusion in the conformance clause.  For the most part, it is samples of text that I've taken from other conformance clauses that we have worked on. I've included it to provide you with examples that you may be able to use directly or modify for SAML.

As for the Conformance Program document, I haven't had a chance to look at that closely. However, several other standards have done similar things and I think that you can probably take what they have done and adapt it.  I can probably put together some of these documents and email them to you - if you think that would be helpful.  A lot of what goes into a Conformance Program document will depend on how much you say about it and what type of testing you anticipate.  I think I have online copies of 2 types of testing documents - those that are part of a Standard (e.g., ISO STEP standard has several documents on testing; GIS standard has a Conformance Document, Rosetta Net).  The other type of document is the type that outlines more of the policy and procedures for establishing and running a Testing Program.  This type of information may be dictated by the path chosen for testing - that is, if it is possible and desirable to have NVLAP NIAP certification testing (they already have much of these policies and procedures in place).

Lynne





At 07:53 PM 5/21/01 -0700, Krishna Sankar wrote:
Hi all,
 
    As per our conf call, here are the outlines of the Conformance Clause (which would eventually be part of the SAML specs) and the Conformance Program (which would be a separate document).
 
    I would continue working on the c.clause and Bob (after his exotic trip to Europe :-)) would work on the Conformance Program.
 
    The documents are basically outlines incorporating suggestions from the NIST presentations. The next step is to start detailing the sections. Would appreciate any comments on the outline and any thoughts on the details.
 
cheers

