RE: [security-services] Groups - sstc-saml-charter-2.0-draft-02.docuploaded

[Anthony Nadalin <drsecure@us.ibm.com>]

Mike,

I understand your view  but my point is that the monolithic approach has in
the past has proven this is very problematic  (also Jamie Lewis of Burton
Group gave a very good talk about composibility at the Catalyst conference
around the WS-* specifications). Also SAML is not a choice for all end
consumers, thus the end customer gets into a take it or leave it situation
(which is not good for a standard).  The current approach  in the SS-TC
seems to work well for Boeing but there are other customers where this is
not a choice and going down the route of a componentization model solves
both set of requirements and a broader sets of customers.

I hope this helps further explain my posting.


Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "Beach, Michael  |
|         |           C"               |
|         |           <michael.c.beach@|
|         |           BOEING.COM>      |
|         |                            |
|         |           11/13/2003 04:05 |
|         |           PM               |
|---------+---------------------------->
  >------------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                                |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS, <security-services@lists.oasis-open.org>                                                     |
  |       cc:       "Whitlock, Stephen" <stephen.whitlock@BOEING.COM>                                                                              |
  |       Subject:  RE: [security-services] Groups - sstc-saml-charter-2.0-draft-02.doc uploaded                                                   |
  >------------------------------------------------------------------------------------------------------------------------------------------------|




I would agree with the merits of componentization and the power of
mix-and-match capabilities.  However, as an end consumer our interest is
ultimately interoperable products.  We believe the ability for us to
improve the means by which we do business with our customers, partners, and
suppliers can be accomplished through ease of use and reduction in
administration.  We see this accomplished by delivering interoperable SSO
and identity federation.

So although technology design principles suggest separation of these
standards as a good thing, it would not seem to lead to an interoperable
solution for our business needs.  I think the flexibility you have proposed
will allow the vendors to 1) pick and choose the standards to be
implemented in their products thus confounding interoperability, or 2)
force the vendors to implement all combinations of the
specifications/standards which adds complexity to our deployments and burns
vendor resources (which we as a customer ultimately pay for).

Therefore Boeing is in favor of the single package concept that facilitates
company to company business collaboration.  Having many ways to assemble
the pieces sounds too much like what we have today.

Mike Beach

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122