OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [saml-dev] Minutes of SAML Interop 2002 Conferece call for 5/21/02


Meeting started at 9:00 AM PDT/12:00 EDT

Attendance:

Dee Schur: OASIS 
Jim Kobielus: Burton Group

Irving Reid: Baltimore Technologies
Ken Yagen and Andy Fetter: Crosslogix
Rituparna Das and Matt Kendall: ePeople
Kyle Bergquist: Entergrity
Prateek Mishra: Netegrity
Charles Knouse: Oblix
Simon Godik: OverXeer
Robert Philpott: RSA
Jahan Moreh: Sigaba
Don Bowen and Bhavna Bhatnagar: Sun
Brian [did not get last name]: Tivoli

Initials: Don Bowen- DB, PM - Prateek Mishra, JK - Jim Kobelius, 
----->

Action items:

****Jim K. to get to Dee a final version of the SAML paper this week.

***All Vendors: need to put together a one-page demo package.

***Irving and Rob  will research and report to the group how we should
get SSL certificates (both browser and servers) and how to provision our
browsers and servers with the root certificate.

**Irving to check and see what is the best format for distributing
certificates.

**All vendors: The group needs to work out "acknowledgments verbiage"
for all the gear/certificate providers.

**Dee will email vendors' marketing contact and ask them about their
expectations, as well as for input on the banner poster.

**Jahan will prepare a fifteen minute presentation and send it to the
list copying Jim K.

***Dee will forward to Jahan OASIS standard template.

*** Ken Yagen will go to the Hilton and check the lighting in the room.

*** Jim will get back with the group regarding conference/hotel fees,
logistics, etc. 



------------------>
Marketing discussion
-------------------->
DB: Participation is officially closed; there are twelve vendors (eleven
in attendance today and Novell).


Dee: OASIS marketing: there will be a press release tomorrow, drafted by
PR firm "Sockets". All participating vendors are listed. This is a
pre-press release. OASIS will do a post-press release. Marketing
materials allowed as long as there is an "even playing field". There
will be a desk for distributing literatures. 

DB: can we get a digest of the SAML paper from Jim K?
JK: It is possible to do so. It is up to OASIS. 

****Action: JK to get to Dee a final version of the SAML paper this
week.

Dee: There will be a press event. Dee will talk with Jacqueline about
the press event. The time is not set yet. 
Jim: Prateek and Don will do the press demonstration, is that right?
Prateek: Yes. We should do this by offering some "contacts" to have
press led through the demo.
Jim: It is a good approach to have the press go through the first run.
Don: There are others in group who are interested and qualified. Jahan
has mentioned that he is interested.
Jim: We would like to have representation from multiple vendors in the
press events. 
Jahan: I volunteer to prepare and give presentation to the press and
other participants,
DB: It is important to set the expectation and delineate what SAML is
and isn't. 
Prateek: There needs to be a conference call between vendors for
finalizing the logistics of the event.
Jim: Signs not allowed on the wall. The best thing to do is to have an
OASIS folder including presentation materials and literature package.

***Vendors Action: need to put together a one-page demo package.

JK: You can have sign on monitors: the OASIS Logo, the Vendors logo and
a quick synopsis of what it being presented. 
DB: Should we have a conference call between marketing representatives
of vendors.
PM: We will try to cover the flow of the demo in a vendor-neutral
document.
JK: I want to have each vendor to have the same monitor and the same
sign.
DB: Looking into having Sun provide flat screen monitors. 
Everyone: This is a great idea. 

DB: I am trying to get network for 40 connections.
Jim: It is OK to have the message "hardware provided by Sun" in the
package.
Irving: I can bring a CA but the chance of getting that into the browser
as root is very slim.
Jahan: we should simply provision our browsers with the root CA. It
takes a short time to do it.
Rob: we have one on the public internet and can do this as well.

**Action: Irving and Rob will research and report to the group how we
should get SSL certificates (both browser and servers) and how to
provision our browsers and servers with the root certificate.

Brian: How about SSL server certs?

**Action: Irving to check and see what is the best format for
distributing certificates.

**Action: The group needs to work out "acknowledgments verbiage" for all
the gear/certificate providers.
**Action: Dee will email the marketing contact and ask them about their
expectations, asking them for input on the banner poster.

Jim: Waiting for final power/lighting/etc. requirements before we can
determine the cost/vendor.

DB: are there any comments/questions about the room layout.
Jim: Having one monitor per vendor gives the same real estate to all
vendors.
Jim: Having "cluster" of vendors (vendors that are near each other)
allows the cluster group to demo together. 
Prateek: I suggest that all monitors would be portals to start the demo.
There will some exceptions (such as Sigaba), and we will have to work it
out.
Jahan: I strongly agree with the idea of having clusters.
Jim: We could have a schedule that lists which vendor is taking the
"lead" in starting the demo.
DB: I like the idea of having "schedules".


DB: Confirmed power requirements with each vendor.

DB: Jahan and I talked about having a short on-going presentation. Is
this a good idea? Participants agreed this was a good idea.

**Action: Jahan will prepare a fifteen minute presentation and send it
to the list copying Jim K.
**Action: Dee will forward to Jahan OASIS standard template.

***Action: Ken Yagen will go to the Hilton and check the lighting.

Dees Schur signed off at 10:00 AM PDT.

DB: Need to make sure that there is adequate security in the room
JK: Will ask if there is a security guard.
Everyone: agreed that security is important.
DB: Will specify security requirements and send to Jim so he can cost
it.

Each vendor provided names of the person who will be there at the end of
demo to tear down the room.


** Action item: Jim will get back with the group regarding
conference/hotel fees, logistics, etc. 

Jim signs off at 10:14 AM 


END OF MARKETING DISCUSSION
-------------------------------------------->


Technical Discussion
------------------------
Jahan: We should finalize the URLs.
PM: Every vendor should publish the list of URLs. The URLs will be
"configurable"

PM: We should model the flow that the browser gets to the content site
and then gets redirected to the portal This is the model where an
un-authenticated user attempts access to the content site. 

Irving: If a vendor can do it fine, if not that is OK.
Bhavna: I think that we need to have a consistent flow
Matt: Sounds like each application is different, so it may be good to
have some vendors support.
Group: Made the decision that some vendors will support it.

Andy: Are we going to discuss authorization assertion? I am making a
last appeal to the group to see if anyone else can do it.

Don and Irving: we are not going to be ready for this.
Bhavna: Sun has the interest, but it is a bit late in the game to come
to consensus.
DB: There are others in the group who may want to demonstrate
authorization.
PM: Whatever we do, we should stick with SAML 1.0 bindings/profiles and
not do anything beyond it.
Andy: will send to the list the steps for demonstrating authorization.

PM: Will publish the "issuer" URL in the new version of the interop
technical spec.
Bhavana: Are the any other objections to have a UID in the
nameidentifier be the same across all the vendors?
PM: you can use the UID and do with it what you please. But, we will
have standardized UID.

Irving: we don't care what is the name identifiers, we would only use
the attribute assertion. The federation model is "attribute based".
Rob: We will handle both Nameidentifier and attribute-based models.

Jahan: Will all vendors produce the email address attributes? 
Everyone: Yes.

Jahan: Which vendors will produce email at the end of their transaction?
Action: all will think and get back with the group if they can produce
email. ePeople will have an email at the end of their transaction.

Jahan: Can we relax the requirements of vendors providing content based
on MembershipLevel?
PM: That is fine. This does not hurt the demonstration.

DB: Screen shot of some of the applications would be very useful. Send
jpeg screen shots to the list.

Demo scenario for vendors who had not finalized their application:
Brian (Tivoli): some kind of portal
Charles (Oblix): Car dealership demo.
PM (Netegrity): working on their demo scenario

Irving: would be a good idea to have a printer at the demo and dry run.



MEETING ADJOURNED AT 10:53




---------------------------
Jahan Moreh
Chief Security Architect
tel: 310.286.3070
fax: 310.286.3076



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC