-----Original
Message-----
From:
Hal Lockhart [
mailto:hal.lockhart@entegrity.com]
Sent:
Wednesday, April 17, 2002 2:39 PM
To:
'Don Bowen'
Cc:
saml-dev@lists.oasis-open.org
Subject:
RE: [saml-dev] SAML Interop 2002 at Burton Catalyst
>>
Can Sun sponsor a conference bridge? Next Tuesday (4/23) at
>> 12:00 EDT would be a
good time as the regular SAML call has
>> been canceled.
> Yes, I should be able
to set up a bridge for that time. I
> will need to know how
many lines to reserve. Also, aren't you
> on standard time now?
Or am I confused?
You
are confused. ;-) Daylight savings time began April 7, for most of the
US, except for Indiana and a few other places.
>>
We still favor the Internet approach, perhaps each of us
>> working to acheive interoperability
with one other vendor at
>> a time. If not, perhaps
we could have an east coast and a
>> west dry run. A number
of us are here in the Boston area.
>> Seems like it would
be better to hold it in a lab at a
>> company if possible
for better access to power, phone lines, etc.
>
> My only concern with
the internet approach is that it may be
> slower. I like the idea
of a dry run on each coast. Those
> that wanted to participate
in both could. I also like the
> idea of holding it in
a companies lab. I will look into
> whether our lab could
be used on the west coast, but the rest
> of you should do the
same.
Ok,
Prateek? Don? do you have any facilities we could use. I will check here.
>> As far as equipment,
we need to distinguish between end
>> systems, which I assume
each vendor will provide and network
>> equipment which could
be as little as a couple of ethernet switches.
>
Would anyone want to volunteer to create a strawman of what
> they think the overall
demo diagram might look like? We have
> 13 vendors participating.
So, does that mean we want this to
> look like 13 separate
"companies" each implementing a
> different product?
I would assume that to be the case and
> that we will need firewall's,
etc. However, do we really even
> need an internet connection
to make this work? Clearly having
> one makes the demo more
realistic to viewers, but technically
> it seems like a bell
or whistle.
I
am basing this on Prateek's proposal, since it is the only one on the table
at the moment. His idea was that we do the Browser Artifact Profile. Everybody
would provide a Portal (authentication authority & attribute authority)
and an application (PDP & PEP). Everybody's Portal would have links
to all the applications. A user could login at any portal and then access
resources at any application. Users would fall into different categories
(e.g. gold, silver, bronze) each application would have to show that different
categories of users get different treatment and unauthenticated users get
bounced to a portal.
This
would let everybody make their portal and their app as fancy as they like.
(Although our experience shows that a fancy app can actually distract attention
from the security product.)
I
presume most vendors would run their portal, app and infrastructure on
from one to three machines. The whole thing could be run on one or two
switches. I don't know if we would need to provide some client machines
or if Burton would.
I
think we should avoid firewalls or any other complications, it will be
hard enough to get this sucker working. I don't see any reason to involve
the Internet in the demo. We are demonstrating SAML Interoperability. Nothing
currently on the Internet does SAML. Why include it?
You
said 13 vendors. The last count I had was 11. Do you have an updated list?
Here is my list of companies and contacts.
Systinet:
Anne Thomas Manes [atm@systinet.com]
Sigaba:
Jahan Moreh [jmoreh@sigaba.com]
Entegrity:
Hal Lockhart [hal.lockhart@entegrity.com]
Oblix:
Charles Knouse [cknouse@oblix.com]
Baltimore
Technologies: Irving Reid [Irving.Reid@baltimore.com]
Cisco:
Krishna Sankar [ksankar@cisco.com]
Netegrity:
Prateek Mishra [pmishra@netegrity.com]
SUN
-- Don Bowen [don.bowen@sun.com], Ping Luo <ping.luo@sun.com>
CrossLogix
--- Ken Yagen [kyagen@crosslogix.com]
Quadrasis
--- Don Flinn [Don.Flinn@Quadrasis.com]
RSA
--- Rob Philpott [rphilpott@rsasecurity.com]
>> Bilateral testing to
begin as soon as any two vendors are ready.
> How many vendors would
each have to test against to insure
> for themselves that
they are "interoperable"? Does the
> transitive property of
equality apply (if a=b and b=c, then
> a=c)? :-) I agree that
testing should begin any time, but was
> worried also that individual
testing might cause someone to
> feel left out. I guess
I was thinking that size of
> organization would only
matter in terms of being able to help
> out more (you can tell
I'm fairly new to Sun :-)
I
am assuming we will accomplish a complete N X (N-1) set of tests by the
time we are through. If we begin in pairs and immediately report differences
in spec interpretation (as distinct from agreed bugs) to this list, we
should be able to get pairs working together and consistent with everybody
else. Then each party can switch to testing with another. After the first
2 or 3 it should get routine.
>> [Optional] Regional
dry runs at companies or hotel suite during June.
>> Everybody arrive
in SF by July 8 for setup and interop
>> testing in a hotel
suite.
> I actually like this
idea of arriving early, though it makes
> for a long week. The
only negative is that if you find any
> major issues that need
to be dealt with, it might be
> difficult to do it away
from "home" and in time for the real
> demo. I'll confess
to being a half-empty kind of guy. What do
> the rest of you think?
This
is based on my assumption that we have already tested remotely, so any
"major issues" would already have been resolved.
>>>
Details for how the demos will be done is something we need
>>> to discus. We definitely
need a vision here, followed by a
>>> well written script.
This could be one of the most difficult
>>> issues to address
and may be the most key.
>> Once we agree on the
technical specifications, this should
>> not be too hard.
> Not hard maybe, but real
important. I also think this is
> probably the biggest
area where we will need to be on the
> "same team". Again, if
someone wanted to start to create a
> strawman, based on
their own experience with something
> similar, that would be
great.
Maybe
this would be something the marketing group could work on.
> > On Tuesday during a
general session, one of the SAML TC
> > co-chairs, Jeff Hodges
or Joe Pato, will provide a SAML
> > report, including
a "post mortem" on the previous day's activities.
> I've asked Jeff if
they know who is speaking and the decision
> has still not been made
yet, not that it is pertinent to our effort.
It
has now been decided I will be the speaker.
>
> Marketing
> > We will want to have
some kind of marketing done on this
> > prior to Catalyst.
The sooner the better. I am not aware of
> > any plans, but that
doesn't mean there aren't any.
> > I talked to Jim
Kobielus at Burton, who is our interface and
> > he will help. I
actually think it is very important that they
> > assist a lot here,
but again, just my thoughts. I told him we
> > should begin to
"hype" this onsite at registration and during
> > the dinner on Sunday.
> I would hope they would
"hype" it in advance of the show.
> Perhaps they could put
something on the web page.
> Yes, I'll talk with
Jim about this as well. I think OASIS
> should also do some "hyping"
on their web site.
I
talked to Phil Schacter a little while ago. SAML Interop 2002 seemed ok
to him. They are ready to put something on their web page, but they are
waiting for a response from OASIS. They want OASIS to bless the event in
some way as an "official" OASIS event. It can be billed as a "demonstration"
so as not to raise issues of "conformance testing." But they have gotten
no response positive or negative.
Dee,
if you are reading this can you give us a status?
>>
I think each participating vendor should identify a marketing
>> contact to work on this
stuff in parallel to the technical work.
> This is a good idea,
but if one organization had a marketing
> person to put forth
some well thought out ideas it might save
> a lot of effort? Anyone?
I'll definitely talk to our people.
True,
but we need to get our ducks lined up so we can get an ok from each organization
quickly when we need to.
Hal