
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst

I believe Sigaba and CrossLogix are both in the Bay area (west).
As far as I know, Tivoli is in Austin, Verisign is in Virginia, and Irving's group at Baltimore is somewhere in Canada. Therefore, they will have to make individual arrangements or come to the east coast or west coast dry runs.
4-5 machines was intended as a maximum, for figuring network ports and electrical outlets. We (Entegrity) can run the whole thing on one laptop if need be. However, in a typical product, there might be a browser, on the source side, an authentication authority and a repository (e.g. LDAP) on the destination side, a web server and a PDP. Add a machine to do network sniffing, a machine to do compiles, etc. and the numbers go up quickly. Having unused ports is a small cost compared to having to stop work or build jury rigs.
-----Original Message-----
From: Don Bowen [mailto:don.bowen@sun.com]
Sent: Thursday, April 18, 2002 6:27 PM
To: Hal Lockhart
Cc: 'Philpott, Robert'; saml-dev@lists.oasis-open.org
Subject: Re: [saml-dev] SAML Interop 2002 at Burton Catalyst

Would something like this help? If so, I'll put it into a spreadsheet.

I don't know where all of you are, but would be happy to take your input and add it.

Company                Contact            Coast    Dry Run?    Come Early?
-------                -------            -----    --------    -----------
Baltimore Technologies Irving Reid
Cisco                  Krishna Sankar      West
CrossLogix             Ken Yagen
Entegrity              Hal Lockhart
Netegrity              Prateek Mishra      East
Oblix                  Charles Knouse      West
Quadrasis              Don Flinn           East
RSA Security           Rob Philpott        East
Sigaba                 Jahan Moreh
Sun                    Don Bowen           West
Systinet               Anne Thomas Manes   East
Tivoli                 Bob Blakley
Verisign               Andrew Brown

The "Dry Run?" column is meant to track which companies will participate in a dry run. It assumes dry run would take place before July. Hal had recommended people coming in prior to July 12 (the earliest we can access the room at the Hilton). I think our comfort level during dry runs on each coast and/or tests between any two vendors will help determine whether that is necessary and if so, how early we should come. I would actually think coming in on July 9 would be the soonest we'd need to come and can envision waiting until July 10 or 11.

Hal, you mentioned 4-5 machines per company. Do you really think it will take that many? Can you describe what you envision for Entegrity?


Hal Lockhart wrote:

That is great. Sorry Rob, I somehow forgot about you guys. Looking at the list, I believe the following people are in the Boston area.

RSA Security: Rob Philpott

Systinet: Anne Thomas Manes

Entegrity: Hal Lockhart

Netegrity: Prateek Mishra

Quadrasis: Don Flinn

Did I miss anybody?

As I said earlier, space and power for 4-5 machines per organization and an ethernet switch should be sufficient. It would be good to have dial out and/or Internet access for downloads. Other than that, the only thing I can think of is a source of coffee. ;-)


-----Original Message-----
From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
Sent: Wednesday, April 17, 2002 4:55 PM
To: 'Hal Lockhart'; 'Don Bowen'
Cc: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst
Another problem with internet-based testing is that I doubt some companies will let us go tunneling SOAP exchanges with our "friends" through our corporate firewalls.

Perhaps those willing to host the testing on both coasts should post to the list what they can support and where they are located.  Hopefully we'll agree on something central on each coast that doesn't create a logistical nightmare.

We just moved into new corporate headquarters in Bedford, MA (near the Sun campus in Burlington) with some excellent, spacious labs and training facilities.  I did a quick check and found that we could possibly get something that's outside of our RSA security perimeter (eliminates the guest escort/security badge issues), that meets the requirements and that can be kept locked when we're not using them.

All we need to do is write up specific requirements we might have (number of people, power needs, network connectivity, etc.) and list some possible dates.  I'm okay with making the request as long as it doesn't become a big drain on my time. 

Rob Philpott

RSA Security Inc.

The Most Trusted Name in e-Security

Tel: 781-515-7115

Mobile: 617-510-0893

Fax: 781-515-7020


-----Original Message-----

From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Wednesday, April 17, 2002 2:39 PM
To: 'Don Bowen'
Cc: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Interop 2002 at Burton Catalyst

>> Can Sun sponsor a conference bridge? Next Tuesday (4/23) at 
>> 12:00 EDT would be a good time as the regular SAML call has 
>> been canceled. 

> Yes, I should be able to set up a bridge for that time. I 
> will need to know how many lines to reserve. Also, aren't you 
> on standard time now? Or am I confused? 

You are confused. ;-) Daylight savings time began April 7, for most of the US, except for Indiana and a few other places.

>> We still favor the Internet approach, perhaps each of us 
>> working to achieve interoperability with one other vendor at 
>> a time. If not, perhaps we could have an east coast and a 
>> west dry run. A number of us are here in the Boston area. 
>> Seems like it would be better to hold it in a lab at a 
>> company if possible for better access to power, phone lines, etc. 

> My only concern with the internet approach is that it may be 
> slower. I like the idea of a dry run on each coast. Those 
> that wanted to participate in both could. I also like the 
> idea of holding it in a company's lab. I will look into 
> whether our lab could be used on the west coast, but the rest 
> of you should do the same. 

OK, Prateek? Don? Do you have any facilities we could use? I will check here.

>> As far as equipment, we need to distinguish between end 
>> systems, which I assume each vendor will provide and network 
>> equipment which could be as little as a couple of ethernet switches.

> Would anyone want to volunteer to create a strawman of what 
> they think the overall demo diagram might look like? We have 
> 13 vendors participating. So, does that mean we want this to 
> look like 13 separate "companies" each implementing a 
> different product? I would assume that to be the case and 
> that we will need firewalls, etc. However, do we really even 
> need an internet connection to make this work? Clearly having 
> one makes the demo more realistic to viewers, but technically 
> it seems like a bell or whistle. 

I am basing this on Prateek's proposal, since it is the only one on the table at the moment. His idea was that we do the Browser Artifact Profile. Everybody would provide a Portal (authentication authority & attribute authority) and an application (PDP & PEP). Everybody's Portal would have links to all the applications. A user could log in at any portal and then access resources at any application. Users would fall into different categories (e.g. gold, silver, bronze); each application would have to show that different categories of users get different treatment and unauthenticated users get bounced to a portal.

This would let everybody make their portal and their app as fancy as they like. (Although our experience shows that a fancy app can actually distract attention from the security product.)

I presume most vendors would run their portal, app and infrastructure on from one to three machines. The whole thing could be run on one or two switches. I don't know if we would need to provide some client machines or if Burton would.

I think we should avoid firewalls or any other complications, it will be hard enough to get this sucker working. I don't see any reason to involve the Internet in the demo. We are demonstrating SAML Interoperability. Nothing currently on the Internet does SAML. Why include it?

You said 13 vendors. The last count I had was 11. Do you have an updated list? Here is my list of companies and contacts.

Systinet: Anne Thomas Manes [atm@systinet.com]

Sigaba: Jahan Moreh [jmoreh@sigaba.com]

Entegrity: Hal Lockhart [hal.lockhart@entegrity.com]

Oblix: Charles Knouse [cknouse@oblix.com]

Baltimore Technologies: Irving Reid [Irving.Reid@baltimore.com]

Cisco: Krishna Sankar [ksankar@cisco.com]

Netegrity: Prateek Mishra [pmishra@netegrity.com]

SUN: Don Bowen [don.bowen@sun.com], Ping Luo [ping.luo@sun.com]

CrossLogix: Ken Yagen [kyagen@crosslogix.com]

Quadrasis: Don Flinn [Don.Flinn@Quadrasis.com]

RSA: Rob Philpott [rphilpott@rsasecurity.com]

>> Bilateral testing to begin as soon as any two vendors are ready.
> How many vendors would each have to test against to insure 
> for themselves that they are "interoperable"? Does the 
> transitive property of equality apply (if a=b and b=c, then 
> a=c)? :-) I agree that testing should begin any time, but was 
> worried also that individual testing might cause someone to 
> feel left out. I guess I was thinking that size of 
> organization would only matter in terms of being able to help 
> out more (you can tell I'm fairly new to Sun :-)

I am assuming we will accomplish a complete N X (N-1) set of tests by the time we are through. If we begin in pairs and immediately report differences in spec interpretation (as distinct from agreed bugs) to this list, we should be able to get pairs working together and consistent with everybody else. Then each party can switch to testing with another. After the first 2 or 3 it should get routine. 

>> [Optional] Regional dry runs at companies or hotel suite during June. 
>> Everybody arrive in SF by July 8 for setup and interop 
>> testing in a hotel suite.
> I actually like this idea of arriving early, though it makes 
> for a long week. The only negative is that if you find any 
> major issues that need to be dealt with, it might be 
> difficult to do it away from "home" and in time for the real 
> demo. I'll confess to being a half-empty kind of guy. What do 
> the rest of you think? 

This is based on my assumption that we have already tested remotely, so any "major issues" would already have been resolved.

>>> Details for how the demos will be done is something we need 
>>> to discuss. We definitely need a vision here, followed by a 
>>> well written script. This could be one of the most difficult 
>>> issues to address and may be the most key. 
>> Once we agree on the technical specifications, this should 
>> not be too hard.
> Not hard maybe, but real important. I also think this is 
> probably the biggest area where we will need to be on the 
> "same team". Again, if someone wanted to start to create a 
> strawman, based on their own experience with something 
> similar, that would be great.

Maybe this would be something the marketing group could work on. 

> > On Tuesday during a general session, one of the SAML TC 
> > co-chairs, Jeff Hodges or Joe Pato, will provide a SAML 
> > report, including a "post mortem" on the previous day's activities.
> I've asked Jeff if they know who is speaking and the decision 
> has still not been made yet, not that it is pertinent to our effort. 

It has now been decided I will be the speaker.

> > Marketing 
> > We will want to have some kind of marketing done on this 
> > prior to Catalyst. The sooner the better. I am not aware of 
> > any plans, but that doesn't mean there aren't any. 
> > I talked to Jim Kobielus at Burton, who is our interface and 
> > he will help. I actually think it is very important that they 
> > assist a lot here, but again, just my thoughts. I told him we 
> > should begin to "hype" this onsite at registration and during 
> > the dinner on Sunday. 
> I would hope they would "hype" it in advance of the show. 
> Perhaps they could put something on the web page.
> Yes, I'll talk with Jim about this as well. I think OASIS 
> should also do some "hyping" on their web site. 

I talked to Phil Schacter a little while ago. SAML Interop 2002 seemed ok to him. They are ready to put something on their web page, but they are waiting for a response from OASIS. They want OASIS to bless the event in some way as an "official" OASIS event. It can be billed as a "demonstration" so as not to raise issues of "conformance testing." But they have gotten no response positive or negative.

Dee, if you are reading this can you give us a status?

>> I think each participating vendor should identify a marketing 
>> contact to work on this stuff in parallel to the technical work.
> This is a good idea, but if one organization had a marketing 
> person to put forth some well thought out ideas it might save 
> a lot of effort? Anyone? I'll definitely talk to our people. 

True, but we need to get our ducks lined up so we can get an ok from each organization quickly when we need to.

