security-services message



Subject: RE: [security-services] Comment on SAML implementations and their inter-op properties



FYI, the Ping Identity Corp. plans to post a SAML 1.1 test harness to the 
SourceID (www.sourceid.org) web site in the early part of 2004.  SourceID 
is an open source project focused on federated Identity.

Anyone who is interested in Ping's work with interoperability and SourceID 
should contact Ping Identity directly.

-Darren





At 01:06 PM 11/18/2003 -0500, Mishra, Prateek wrote:
>I think we have all been somewhat distracted with a whole range of issues at the
>time this message appeared.
>
>http://burtongroup.com/weblogs/danielblum/
>
>The key part is:
>
>"1) OASIS, or an appropriate third party, should arrange for a reference
>implementation, or test harness, of SAML to be created against which all
>implementers can freely test over the network. This alone may be sufficient
>to solve the brunt of the interoperability issue, and it should be possible
>to create such an implementation using OpenSAML or SourceID in less than 90
>days. As a follow up OASIS or an appropriate third party could also arrange
>for recurring interoperability testing events similar to those Liberty
>Alliance has announced."
>
>I would like to see this discussed further within the TC and explore how to
>support this. We should begin with SAML 1.X and consider also how we will
>support SAML 2.0 in the future.
>
>With SAML 1.0 in substantial deployment, Netegrity is now receiving inputs
>on some of the problems with it. And one of the simplest is: how do we know
>whether your products will inter-operate with vendor X? Or, we had such and
>such problem and we think it's because you guys made a mistake in the ZZZ
>profile of SAML. There is also an emerging "perception" problem --- these
>SAML guys aren't serious about on-the-wire interoperability, or they want to
>sell consulting services or something. All of this is going to dilute the
>value of SAML 1.X today and SAML 2.0 going forward.
>
>Some kind of certification claim would really help with deployment. It would
>also genuinely separate the situations where consulting is needed versus
>basic inter-operability. It doesn't have to be a big formal procedure with
>lots of organizations involved.
>
>For example, some vendors are supporting SAML toolkits. Would there be
>interest amongst vendors to sponsor a third-party to create a test-suite
>around the two web browser profiles in SAML 1.X and make them available to
>the community? The SAML toolkit vendor gets the glory and the community gets
>a test harness. But some investment would need to be made to build the test
>harness and host it etc.
>
>
>- prateek
>
>-----Original Message-----
>From: Eve L. Maler [mailto:eve.maler@sun.com]
>Sent: Monday, November 10, 2003 1:58 PM
>To: 'security-services@lists.oasis-open.org'
>Subject: Re: [security-services] Comment on SAML implementations and their
>inter-op properties
>
>Interesting and timely feedback.
>
>The issue of working on a test suite came up in the September meeting,
>but we didn't get very far with it.  Perhaps we should see if Daniel
>Blum's exhortation makes it more attractive for some SAML participants
>to take on this resource-intensive task.  At the least, should we be
>planning additional interop events for various scenarios?
>
>Regarding having a "must-implement profile": This seems a little weird
>to me if you look at the entire range of possible and existing profiles,
>though if we couched it in terms like "*If you're doing SSO*, you must
>support XYZ profile" it would make more sense.  We discussed this idea
>very early on; maybe it's time to revisit it.
>
>Regarding "cookbook" material, we are indeed creating more outreach
>materials, including executive and technical overviews and the FAQ.
>Maybe we (John Hughes and I?) should contact Daniel about this and offer
>the opportunity to review and make suggestions.
>
>         Eve
>
>Mishra, Prateek wrote:
>
> > http://burtongroup.com/weblogs/danielblum/
> >
> > - prateek
> >
> > Prateek Mishra
> > Director, Tech&Arch
> > Netegrity
> >
> > p: 781-530-6564
> > c: 617-875-4970
>--
>Eve Maler                                        +1 781 442 3190
>Sun Microsystems                            cell +1 781 354 9441
>Web Products, Technologies, and Standards    eve.maler @ sun.com
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the
>OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.
>


