Re: [security-services] FW: Objection to Ping Identity ReferralService Provider Proposal

["Eve L. Maler" <Eve.Maler@Sun.COM>]

As you requested on the call just now, here's a followup message 
with my own concerns and a few others I'm hearing on the call:

- General sense of a conflict of interest, though I don't think 
anyone is impugning Ping specifically

- Having to bring an early version of our product to a competitor 
for conformance testing

- The lopsided "bragging rights" given to a vendor chosen for 
conformance testing responsibility

	Eve

Andy Moir wrote:
> Eve:
> 
> Please clarify what specific advantages or disadvantages you are concerned
> with so I can address them.
> 
> Thanks.
> 
> Andy
> 
> Andy Moir
> 412.213.0338 Work
> 978.761.1648 Cell
> E-Mail:  andy.moir@oasis-open.org
> 
> -----Original Message-----
> From: Eve L. Maler [mailto:Eve.Maler@Sun.COM] 
> Sent: Monday, April 11, 2005 7:30 PM
> To: Atul Tulshibagwale
> Cc: security-services@lists.oasis-open.org; andy.moir@oasis-open.org
> Subject: Re: [security-services] FW: Objection to Ping Identity Referral
> Service Provider Proposal
> 
> 
> These are valid points; can Andy respond and explain how a subset of 
> vendors won't be placed at advantage or disadvantage with the 
> current proposal?  If this can't be done, I'd be concerned about the 
> whole exercise.
> 
> (I copied Andy, who wasn't included explicitly on Atul's message.)
> 
> 	Eve
> 
> Atul Tulshibagwale wrote:
> 
>>The formatting went crazy in the last email, so this is the 3^rd  try.
>>Sorry for the re-posts.
>>
>> 
>>
>>----------------------------------------------------------------------
>>--
>>
>>*From:* Atul Tulshibagwale [mailto:atul@trustgenix.com]
>>*Sent:* Monday, April 11, 2005 1:34 PM
>>*To:* 'security-services@lists.oasis-open.org'
>>*Cc:* 'andy.moir@oasis-open.org'
>>*Subject:* FW: Objection to Ping Identity Referral Service Provider 
>>Proposal
>>
>> 
>>
>> 
>>
>> 
>>
>>----------------------------------------------------------------------
>>--
>>
>>*From:* Atul Tulshibagwale [mailto:atul@trustgenix.com]
>>*Sent:* Monday, April 11, 2005 1:17 PM
>>*To:* 'andy.moir@oasis-open.org'
>>*Subject:* Objection to Ping Identity Referral Service Provider 
>>Proposal
>>
>> 
>>
>>To OASIS SSTC / Other TCs responsible for this.
>>
>> 
>>
>>Andy,
>>
>> 
>>
>>This email is to formally notify OASIS about objections from 
>>Trustgenix
>>to Ping Identity's proposal for becoming a "Referral Service Provider" 
>>for SAML Testing. While we will not discuss the technical merits of the 
>>proposal in this email, Trustgenix strongly objects to having a vendor 
>>in this space be responsible for running the SAML conformance testing as 
>>there is are several obvious conflict of interest:
>>
>>   1. Ping Identity commercially markets the PingDeploy program and any
>>      feedback that the OASIS community provides to this program will
>>      enable Ping Identity to receive free intellectual property from
>>      the community. We as a competing vendor will not be able to
>>      provide such feedback and strengthen a product of our competitor.
>>      I'm sure there are other vendors who would also think the same and
>>      therefore would not be able to make this a good conformance
>>      specification
>>   2. Ping Identity is a vendor in this space and would be inclined to
>>      make the conformance specification suitable to its implementation.
>>      Based on the objection in (a) above, it will not be in the
>>      interest of other vendors to point out the weaknesses in this
>>      specification
>>   3. In running the service Ping Identity stands to gain intelligence
>>      about competitors products and intellectual property from its
>>      competitors. Trustgenix will not be able to participate in testing
>>      with Ping Identity for these reasons.
>>
>> 
>>
>>Best regards,
>>
>>Atul
>>
>> 
>>
> 
> 

-- 
Eve Maler                                      eve.maler @ sun.com
Sun Microsystems - Business Alliances     x40976 / +1 425 947 4522