[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst
Another problem with internet-based testing is that I doubt some companies will let us go tunneling SOAP exchanges with our "friends" through our corporate firewalls.
Perhaps those willing to host the testing on both coasts should post to the list what they can support and where they are located. Hopefully we'll agree on something central on each coast that doesn't create a logistical nightmare.
We just moved into new corporate headquarters in Bedford MA (near the Sun campus in Burlington) with some excellent, spacious labs and training facilities. I did a quick check and found that we could possibly get something that's outside of our RSA security perimeter (eliminates the guest escort/security badge issues), that meets the requirements and that can be kept locked when we're not using them.
All we need to do is write up specific requirements we might have (number of people, power needs, network connectivity, etc.) and list some possible dates. I'm okay with making the request as long as it doesn't become a big drain on my time.
Rob Philpott RSA Security Inc. The Most Trusted Name in e-Security Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020
-----Original Message-----
>>
Can Sun sponsor a conference bridge? Next Tuesday (4/23) at You are confused. ;-) Daylight savings time began April 7, for most of the US, except for Indiana and a few other places.
>>
We still favor the Internet approach, perhaps each of us Ok,
Prateek? Don? do you have any facilities we could use. I will check here.
>
Would anyone want to volunteer to create a strawman of what I am basing this on Prateek's proposal, since it is the only one on the table at the moment. His idea was that we do the Browser Artifact Profile. Everybody would provide a Portal (authentication authority & attribute authority) and an application (PDP & PEP). Everybody's Portal would have links to all the applications. A user could login at any portal and then access resources at any application. Users would fall into different categories (e.g. gold, silver, bronze) each application would have to show that different categories of users get different treatment and unauthenticated users get bounced to a portal. This would let everybody make their portal and their app as fancy as they like. (Although our experience shows that a fancy app can actually distract attention from the security product.) I presume most vendors would run their portal, app and infrastructure on from one to three machines. The whole thing could be run on one or two switches. I don't know if we would need to provide some client machines or if Burton would. I think we should avoid firewalls or any other complications, it will be hard enough to get this sucker working. I don't see any reason to involve the Internet in the demo. We are demonstrating SAML Interoperability. Nothing currently on the Internet does SAML. Why include it? You said 13 vendors. The last count I had was 11. Do you have an updated list? Here is my list of companies and contacts. Systinet: Anne Thomas Manes [atm@systinet.com] Sigaba: Jahan Moreh [jmoreh@sigaba.com] Entegrity: Hal Lockhart [hal.lockhart@entegrity.com] Oblix: Charles Knouse [cknouse@oblix.com] Baltimore Technologies: Irving Reid [Irving.Reid@baltimore.com] Cisco: Krishna Sankar [ksankar@cisco.com] Netegrity: Prateek Mishra [pmishra@netegrity.com] SUN -- Don Bowen [don.bowen@sun.com], Ping Luo <ping.luo@sun.com> CrossLogix --- Ken Yagen [kyagen@crosslogix.com] Quadrasis --- Don Flinn [Don.Flinn@Quadrasis.com] RSA --- Rob Philpott [rphilpott@rsasecurity.com] I am assuming we will accomplish a complete N X (N-1) set of tests by the time we are through. If we begin in pairs and immediately report differences in spec interpretation (as distinct from agreed bugs) to this list, we should be able to get pairs working together and consistent with everybody else. Then each party can switch to testing with another. After the first 2 or 3 it should get routine.
This is based on my assumption that we have already tested remotely, so any "major issues" would already have been resolved. >>>
Details for how the demos will be done is something we need Maybe
this would be something the marketing group could work on. It has now been decided I will be the speaker. > >
Marketing I talked to Phil Schacter a little while ago. SAML Interop 2002 seemed ok to him. They are ready to put something on their web page, but they are waiting for a response from OASIS. They want OASIS to bless the event in some way as an "official" OASIS event. It can be billed as a "demonstration" so as not to raise issues of "conformance testing." But they have gotten no response positive or negative. Dee, if you are reading this can you give us a status? >>
I think each participating vendor should identify a marketing True, but we need to get our ducks lined up so we can get an ok from each organization quickly when we need to. Hal |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC