[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [saml-dev] Minutes of SAML Interop 2002 Conferece call for 5/21/02
Meeting started at 9:00 AM PDT/12:00 EDT Attendance: Dee Schur: OASIS Jim Kobielus: Burton Group Irving Reid: Baltimore Technologies Ken Yagen and Andy Fetter: Crosslogix Rituparna Das and Matt Kendall: ePeople Kyle Bergquist: Entergrity Prateek Mishra: Netegrity Charles Knouse: Oblix Simon Godik: OverXeer Robert Philpott: RSA Jahan Moreh: Sigaba Don Bowen and Bhavna Bhatnagar: Sun Brian [did not get last name]: Tivoli Initials: Don Bowen- DB, PM - Prateek Mishra, JK - Jim Kobelius, -----> Action items: ****Jim K. to get to Dee a final version of the SAML paper this week. ***All Vendors: need to put together a one-page demo package. ***Irving and Rob will research and report to the group how we should get SSL certificates (both browser and servers) and how to provision our browsers and servers with the root certificate. **Irving to check and see what is the best format for distributing certificates. **All vendors: The group needs to work out "acknowledgments verbiage" for all the gear/certificate providers. **Dee will email vendors' marketing contact and ask them about their expectations, as well as for input on the banner poster. **Jahan will prepare a fifteen minute presentation and send it to the list copying Jim K. ***Dee will forward to Jahan OASIS standard template. *** Ken Yagen will go to the Hilton and check the lighting in the room. *** Jim will get back with the group regarding conference/hotel fees, logistics, etc. ------------------> Marketing discussion --------------------> DB: Participation is officially closed; there are twelve vendors (eleven in attendance today and Novell). Dee: OASIS marketing: there will be a press release tomorrow, drafted by PR firm "Sockets". All participating vendors are listed. This is a pre-press release. OASIS will do a post-press release. Marketing materials allowed as long as there is an "even playing field". There will be a desk for distributing literatures. DB: can we get a digest of the SAML paper from Jim K? JK: It is possible to do so. It is up to OASIS. ****Action: JK to get to Dee a final version of the SAML paper this week. Dee: There will be a press event. Dee will talk with Jacqueline about the press event. The time is not set yet. Jim: Prateek and Don will do the press demonstration, is that right? Prateek: Yes. We should do this by offering some "contacts" to have press led through the demo. Jim: It is a good approach to have the press go through the first run. Don: There are others in group who are interested and qualified. Jahan has mentioned that he is interested. Jim: We would like to have representation from multiple vendors in the press events. Jahan: I volunteer to prepare and give presentation to the press and other participants, DB: It is important to set the expectation and delineate what SAML is and isn't. Prateek: There needs to be a conference call between vendors for finalizing the logistics of the event. Jim: Signs not allowed on the wall. The best thing to do is to have an OASIS folder including presentation materials and literature package. ***Vendors Action: need to put together a one-page demo package. JK: You can have sign on monitors: the OASIS Logo, the Vendors logo and a quick synopsis of what it being presented. DB: Should we have a conference call between marketing representatives of vendors. PM: We will try to cover the flow of the demo in a vendor-neutral document. JK: I want to have each vendor to have the same monitor and the same sign. DB: Looking into having Sun provide flat screen monitors. Everyone: This is a great idea. DB: I am trying to get network for 40 connections. Jim: It is OK to have the message "hardware provided by Sun" in the package. Irving: I can bring a CA but the chance of getting that into the browser as root is very slim. Jahan: we should simply provision our browsers with the root CA. It takes a short time to do it. Rob: we have one on the public internet and can do this as well. **Action: Irving and Rob will research and report to the group how we should get SSL certificates (both browser and servers) and how to provision our browsers and servers with the root certificate. Brian: How about SSL server certs? **Action: Irving to check and see what is the best format for distributing certificates. **Action: The group needs to work out "acknowledgments verbiage" for all the gear/certificate providers. **Action: Dee will email the marketing contact and ask them about their expectations, asking them for input on the banner poster. Jim: Waiting for final power/lighting/etc. requirements before we can determine the cost/vendor. DB: are there any comments/questions about the room layout. Jim: Having one monitor per vendor gives the same real estate to all vendors. Jim: Having "cluster" of vendors (vendors that are near each other) allows the cluster group to demo together. Prateek: I suggest that all monitors would be portals to start the demo. There will some exceptions (such as Sigaba), and we will have to work it out. Jahan: I strongly agree with the idea of having clusters. Jim: We could have a schedule that lists which vendor is taking the "lead" in starting the demo. DB: I like the idea of having "schedules". DB: Confirmed power requirements with each vendor. DB: Jahan and I talked about having a short on-going presentation. Is this a good idea? Participants agreed this was a good idea. **Action: Jahan will prepare a fifteen minute presentation and send it to the list copying Jim K. **Action: Dee will forward to Jahan OASIS standard template. ***Action: Ken Yagen will go to the Hilton and check the lighting. Dees Schur signed off at 10:00 AM PDT. DB: Need to make sure that there is adequate security in the room JK: Will ask if there is a security guard. Everyone: agreed that security is important. DB: Will specify security requirements and send to Jim so he can cost it. Each vendor provided names of the person who will be there at the end of demo to tear down the room. ** Action item: Jim will get back with the group regarding conference/hotel fees, logistics, etc. Jim signs off at 10:14 AM END OF MARKETING DISCUSSION --------------------------------------------> Technical Discussion ------------------------ Jahan: We should finalize the URLs. PM: Every vendor should publish the list of URLs. The URLs will be "configurable" PM: We should model the flow that the browser gets to the content site and then gets redirected to the portal This is the model where an un-authenticated user attempts access to the content site. Irving: If a vendor can do it fine, if not that is OK. Bhavna: I think that we need to have a consistent flow Matt: Sounds like each application is different, so it may be good to have some vendors support. Group: Made the decision that some vendors will support it. Andy: Are we going to discuss authorization assertion? I am making a last appeal to the group to see if anyone else can do it. Don and Irving: we are not going to be ready for this. Bhavna: Sun has the interest, but it is a bit late in the game to come to consensus. DB: There are others in the group who may want to demonstrate authorization. PM: Whatever we do, we should stick with SAML 1.0 bindings/profiles and not do anything beyond it. Andy: will send to the list the steps for demonstrating authorization. PM: Will publish the "issuer" URL in the new version of the interop technical spec. Bhavana: Are the any other objections to have a UID in the nameidentifier be the same across all the vendors? PM: you can use the UID and do with it what you please. But, we will have standardized UID. Irving: we don't care what is the name identifiers, we would only use the attribute assertion. The federation model is "attribute based". Rob: We will handle both Nameidentifier and attribute-based models. Jahan: Will all vendors produce the email address attributes? Everyone: Yes. Jahan: Which vendors will produce email at the end of their transaction? Action: all will think and get back with the group if they can produce email. ePeople will have an email at the end of their transaction. Jahan: Can we relax the requirements of vendors providing content based on MembershipLevel? PM: That is fine. This does not hurt the demonstration. DB: Screen shot of some of the applications would be very useful. Send jpeg screen shots to the list. Demo scenario for vendors who had not finalized their application: Brian (Tivoli): some kind of portal Charles (Oblix): Car dealership demo. PM (Netegrity): working on their demo scenario Irving: would be a good idea to have a printer at the demo and dry run. MEETING ADJOURNED AT 10:53 --------------------------- Jahan Moreh Chief Security Architect tel: 310.286.3070 fax: 310.286.3076
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC