
saml-dev message


Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst


>> Can Sun sponsor a conference bridge? Next Tuesday (4/23) at
>> 12:00 EDT would be a good time as the regular SAML call has
>> been canceled.
> Yes, I should be able to set up a bridge for that time. I
> will need to know how many lines to reserve. Also, aren't you
> on standard time now? Or am I confused?

You are confused. ;-) Daylight savings time began April 7, for most of the US, except for Indiana and a few other places.

>> We still favor the Internet approach, perhaps each of us
>> working to achieve interoperability with one other vendor at
>> a time. If not, perhaps we could have an east coast and a
>> west dry run. A number of us are here in the Boston area.
>> Seems like it would be better to hold it in a lab at a
>> company if possible for better access to power, phone lines, etc.

> My only concern with the internet approach is that it may be
> slower. I like the idea of a dry run on each coast. Those
> that wanted to participate in both could. I also like the
> idea of holding it in a company's lab. I will look into
> whether our lab could be used on the west coast, but the rest
> of you should do the same.

Ok, Prateek? Don? Do you have any facilities we could use? I will check here.

>> As far as equipment, we need to distinguish between end
>> systems, which I assume each vendor will provide and network
>> equipment which could be as little as a couple of ethernet switches.

> Would anyone want to volunteer to create a strawman of what
> they think the overall demo diagram might look like? We have
> 13 vendors participating. So, does that mean we want this to
> look like 13 separate "companies" each implementing a
> different product? I would assume that to be the case and
> that we will need firewalls, etc. However, do we really even
> need an internet connection to make this work? Clearly having
> one makes the demo more realistic to viewers, but technically
> it seems like a bell or whistle.

I am basing this on Prateek's proposal, since it is the only one on the table at the moment. His idea was that we do the Browser Artifact Profile. Everybody would provide a Portal (authentication authority & attribute authority) and an application (PDP & PEP). Everybody's Portal would have links to all the applications. A user could log in at any portal and then access resources at any application. Users would fall into different categories (e.g. gold, silver, bronze); each application would have to show that different categories of users get different treatment and unauthenticated users get bounced to a portal.

This would let everybody make their portal and their app as fancy as they like. (Although our experience shows that a fancy app can actually distract attention from the security product.)

I presume most vendors would run their portal, app and infrastructure on one to three machines. The whole thing could be run on one or two switches. I don't know if we would need to provide some client machines or if Burton would.

I think we should avoid firewalls or any other complications; it will be hard enough to get this sucker working. I don't see any reason to involve the Internet in the demo. We are demonstrating SAML Interoperability. Nothing currently on the Internet does SAML. Why include it?

You said 13 vendors. The last count I had was 11. Do you have an updated list? Here is my list of companies and contacts.

Systinet: Anne Thomas Manes [atm@systinet.com]

Sigaba: Jahan Moreh [jmoreh@sigaba.com]

Entegrity: Hal Lockhart [hal.lockhart@entegrity.com]

Oblix: Charles Knouse [cknouse@oblix.com]

Baltimore Technologies: Irving Reid [Irving.Reid@baltimore.com]

Cisco: Krishna Sankar [ksankar@cisco.com]

Netegrity: Prateek Mishra [pmishra@netegrity.com]

SUN: Don Bowen [don.bowen@sun.com], Ping Luo [ping.luo@sun.com]

CrossLogix: Ken Yagen [kyagen@crosslogix.com]

Quadrasis: Don Flinn [Don.Flinn@Quadrasis.com]

RSA: Rob Philpott [rphilpott@rsasecurity.com]

>> Bilateral testing to begin as soon as any two vendors are ready.
> How many vendors would each have to test against to ensure
> for themselves that they are "interoperable"? Does the
> transitive property of equality apply (if a=b and b=c, then
> a=c)? :-) I agree that testing should begin any time, but was
> worried also that individual testing might cause someone to
> feel left out. I guess I was thinking that size of
> organization would only matter in terms of being able to help
> out more (you can tell I'm fairly new to Sun :-)

I am assuming we will accomplish a complete N X (N-1) set of tests by the time we are through. If we begin in pairs and immediately report differences in spec interpretation (as distinct from agreed bugs) to this list, we should be able to get pairs working together and consistent with everybody else. Then each party can switch to testing with another. After the first 2 or 3 it should get routine.

>> [Optional] Regional dry runs at companies or hotel suite during June.
>> Everybody arrive in SF by July 8 for setup and interop
>> testing in a hotel suite.
> I actually like this idea of arriving early, though it makes
> for a long week. The only negative is that if you find any
> major issues that need to be dealt with, it might be
> difficult to do it away from "home" and in time for the real
> demo. I'll confess to being a half-empty kind of guy. What do
> the rest of you think?

This is based on my assumption that we have already tested remotely, so any "major issues" would already have been resolved.

>>> Details for how the demos will be done is something we need
>>> to discuss. We definitely need a vision here, followed by a
>>> well written script. This could be one of the most difficult
>>> issues to address and may be the most key.
>> Once we agree on the technical specifications, this should
>> not be too hard.
> Not hard maybe, but real important. I also think this is
> probably the biggest area where we will need to be on the
> "same team". Again, if someone wanted to start to create a
> strawman, based on their own experience with something
> similar, that would be great.

Maybe this would be something the marketing group could work on.

> > On Tuesday during a general session, one of the SAML TC
> > co-chairs, Jeff Hodges or Joe Pato, will provide a SAML
> > report, including a "post mortem" on the previous day's activities.
> I've asked Jeff if they know who is speaking and the decision
> has still not been made yet, not that it is pertinent to our effort.

It has now been decided I will be the speaker.

> > Marketing
> > We will want to have some kind of marketing done on this
> > prior to Catalyst. The sooner the better. I am not aware of
> > any plans, but that doesn't mean there aren't any.
> > I talked to Jim Kobielus at Burton, who is our interface and
> > he will help. I actually think it is very important that they
> > assist a lot here, but again, just my thoughts. I told him we
> > should begin to "hype" this onsite at registration and during
> > the dinner on Sunday.
> I would hope they would "hype" it in advance of the show.
> Perhaps they could put something on the web page.
> Yes, I'll talk with Jim about this as well. I think OASIS
> should also do some "hyping" on their web site.

I talked to Phil Schacter a little while ago. SAML Interop 2002 seemed ok to him. They are ready to put something on their web page, but they are waiting for a response from OASIS. They want OASIS to bless the event in some way as an "official" OASIS event. It can be billed as a "demonstration" so as not to raise issues of "conformance testing." But they have gotten no response positive or negative.

Dee, if you are reading this can you give us a status?

>> I think each participating vendor should identify a marketing
>> contact to work on this stuff in parallel to the technical work.
> This is a good idea, but if one organization had a marketing
> person to put forth some well thought out ideas it might save
> a lot of effort? Anyone? I'll definitely talk to our people.

True, but we need to get our ducks lined up so we can get an ok from each organization quickly when we need to.

