From: Hal Lockhart
Sent: Wednesday, April 17, 2002 2:39
To: 'Don Bowen'
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst

>> Can Sun sponsor a conference bridge? Next Tuesday (4/23) at
>> 12:00 EDT would be a good time as the regular SAML call has
>> been canceled.

> Yes, I should be able to set up a bridge for that time. I
> will need to know how many lines to reserve. Also, aren't you
> on standard time now? Or am I confused. ;-)

Daylight savings time began April 7, for most of the US, except
for Indiana and a few other places.

>> We still favor the Internet approach, perhaps each of us
>> working to achieve interoperability with one other vendor at
>> a time. If not, perhaps we could have an east coast and a
>> west dry run. A number of us are here in the Boston area.
>> Seems like it would be better to hold it in a lab at a
>> company if possible for better access to power, phone lines, etc.

> My only concern with the internet approach is that it may be
> slower. I like the idea of a dry run on each coast. Those
> that wanted to participate in both could. I also like the
> idea of holding it in a company's lab. I will look into
> whether our lab could be used on the west coast, but the rest
> of you should do the same.

Prateek? Don? Do you have any facilities we could use? I will check here.

>> As far as equipment, we need to distinguish between end
>> systems, which I assume each vendor will provide and network
>> equipment which could be as little as a couple of ethernet switches.

> Would anyone want to volunteer to create a strawman of what
> they think the overall demo diagram might look like? We have
> 13 vendors participating. So, does that mean we want this to
> look like 13 separate "companies" each implementing a
> different product? I would assume that to be the case and
> that we will need firewalls, etc. However, do we really even
> need an internet connection to make this work? Clearly having
> one makes the demo more realistic to viewers, but technically
> it seems like a bell or

basing this on Prateek's proposal, since it is the only one on the table at the
moment. His idea was that we do the Browser Artifact Profile. Everybody would
provide a Portal (authentication authority & attribute authority) and an
application (PDP & PEP). Everybody's Portal would have links to all the
applications. A user could login at any portal and then access resources at any
application. Users would fall into different categories (e.g. gold, silver,
bronze) each application would have to show that different categories of users
get different treatment and unauthenticated users get bounced to a portal.
would let everybody make their portal and their app as fancy as they like.
(Although our experience shows that a fancy app can actually distract attention
from the security product.)
most vendors would run their portal, app and infrastructure on from one to three
machines. The whole thing could be run on one or two switches. I don't know if
we would need to provide some client machines or if Burton would.
we should avoid firewalls or any other complications, it will be hard enough to
get this sucker working. I don't see any reason to involve the Internet in the
demo. We are demonstrating SAML Interoperability. Nothing currently on the
Internet does SAML. Why include it?
13 vendors. The last count I had was 11. Do you have an updated list? Here is
my list of companies and contacts.
Anne Thomas Manes [email@example.com]
Jahan Moreh [firstname.lastname@example.org]
Hal Lockhart [email@example.com]
Charles Knouse [firstname.lastname@example.org]
Technologies: Irving Reid [Irving.Reid@baltimore.com]
Krishna Sankar [email@example.com]
Prateek Mishra [firstname.lastname@example.org]
-- Don Bowen [email@example.com], Ping Luo <firstname.lastname@example.org>
--- Ken Yagen [email@example.com]
--- Don Flinn [Don.Flinn@Quadrasis.com]
--- Rob Philpott [firstname.lastname@example.org]

>> Bilateral testing to begin as soon as any two vendors are ready.

> How many vendors would each have to test against to insure
> for themselves that they are "interoperable"? Does the
> transitive property of equality apply (if a=b and b=c, then
> a=c)? :-) I agree that testing should begin any time, but was
> worried also that individual testing might cause someone to
> feel left out. I guess I was thinking that size of
> organization would only matter in terms of being able to help
> out more (you can tell I'm fairly new to Sun :-)

assuming we will accomplish a complete N X (N-1) set of tests by the time we
are through. If we begin in pairs and immediately report differences in spec
interpretation (as distinct from agreed bugs) to this list, we should be able
to get pairs working together and consistent with everybody else. Then each
party can switch to testing with another. After the first 2 or 3 it should get

>> [Optional] Regional dry runs at companies or hotel suite during June.
>> Everybody arrive in SF by July 8 for setup and interop
>> testing in a hotel suite.

> I actually like this idea of arriving early, though it makes
> for a long week. The only negative is that if you find any
> major issues that need to be dealt with, it might be
> difficult to do it away from "home" and in time for the real
> demo. I'll confess to being a half-empty kind of guy. What do
> the rest of you think?

based on my assumption that we have already tested remotely, so any "major
issues" would already have been resolved.

>>> Details for how the demos will be done is something we need
>>> to discuss. We definitely need a vision here, followed by a
>>> well written script. This could be one of the most difficult
>>> issues to address and may be the most key.

>> Once we agree on the technical specifications, this should
>> not be too hard.

> Not hard maybe, but real important. I also think this is
> probably the biggest area where we will need to be on the
> "same team". Again, if someone wanted to start to create a
> strawman, based on their own experience with something
> similar, that would be great.

this would be something the marketing group could work on.

> > On Tuesday during a general session, one of the SAML TC
> > co-chairs, Jeff Hodges or Joe Pato, will provide a SAML
> > report, including a "post mortem" on the previous day's activities.

> I've asked Jeff if they know who is speaking and the decision
> has still not been made yet, not that it is pertinent to our effort.

now been decided I will be the speaker.

> > We will want to have some kind of marketing done on this
> > prior to Catalyst. The sooner the better. I am not aware of
> > any plans, but that doesn't mean there aren't any.

> > I talked to Jim Kobielus at Burton, who is our interface and
> > he will help. I actually think it is very important that they
> > assist a lot here, but again, just my thoughts. I told him we
> > should begin to "hype" this onsite at registration and during
> > the dinner on Sunday.

> I would hope they would "hype" it in advance of the show.
> Perhaps they could put something on the web page.

> Yes, I'll talk with Jim about this as well. I think OASIS
> should also do some "hyping" on their web site.

to Phil Schacter a little while ago. SAML Interop 2002 seemed ok to him. They
are ready to put something on their web page, but they are waiting for a
response from OASIS. They want OASIS to bless the event in some way as an
"official" OASIS event. It can be billed as a
"demonstration" so as not to raise issues of "conformance
testing." But they have gotten no response positive or negative.
you are reading this can you give us a status?

>> I think each participating vendor should identify a marketing
>> contact to work on this stuff in parallel to the technical work.

> This is a good idea, but if one organization had a marketing
> person to put forth some well thought out ideas it might save
> a lot of effort? Anyone? I'll definitely talk to our people.

we need to get our ducks lined up so we can get an ok from each organization
quickly when we need to.