[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: SAML Demo 1/5 Technical Meeting - Decide on Use Cases
During the 1/5 Technical Meeting we will need to finalize what use cases will be included in the SAML 2.0 InterOp Demo. Please plan to attend and be prepared to determine which cases we should use so that we can be sure that we have received input from a majority of participants. Included in this e-mail are: 1) Notes from 12/29 Technical Call 2) Notes from 12/22 Technical Call from Thomas Wisniewski at Entrust 3) My Key Takeaways e-mail for the 12/22 meeting 4) SAML 2 Features Ranking Excel Spreadsheet - Vendor rankings of which use cases they prefer to use Andy Moir 412-213-0338 Work 412-848-1545 Cell andy.moir@oasis-open.org ======================================================================== ================================ 1) 12/29 Meeting Notes ---------------------- - Very limited attendance so we agreed that use cases would need to be finalized at 1/5 meeting. - Dave Silver at Enspier expressed his concern that we have not yet nailed down which use cases we will be using in the demo. He and Terry will be looking for group to nail down final list during 1/5 meeting so that they can help define scenarios for the InterOp - Single Sign on and Single Logout have the highest rankings based on vendor responses (see attached spreadsheet). We discussed again having tiers of use cases. - Tom volunteered to send his notes from 12/22 meeting since I had focused on key takeaways, while he had captured some of the discussion points that may help us nail down use cases during next meeting. - We need to get someone to volunteer to take minutes at each meeting - Dave Silver is needs to get final confirmation that we can use the GSA E-Authentication Interop Lab for February 2-3 (and 4 if necessary). He should have final decision by 1/5 meeting. 2) December 22 (last week) Meeting Notes courtesy of Thomas Wisniewski at Entrust ------------------------------------------------------------------------ ------ 1. For Soap calls (e.g., if Artifact Resolution is used ala Browser-Artifact, or for Attribute Queries), the security model that will be used is Basic Authentication with SSL (i.e., bullet 2 in SamlConform section 3.5). 1a. We should decide on ids/pwds ahead of time. 2. SSO AuthnRequest and Response will be a core use case. 2a. Either Post or Artifact will be used (only one). 2b. The user will most likely be able to start at either the IDP, SP, or some other common site (to be discussed). 2c. The ability to return attributes in the Response (similar to last year). This was mentioned but nothing agree to. 2d. The use of persistent name identifiers (seemed to be the common choice) based on the fact that this is one of the most interesting things in Saml 2.0 -- but nothing was agreed to. Persistent name identifiers includes ID Federation as part of the AuthnRequest/Response protocols. 2e. The format for attributes would be ...:basic (and not uri) for simplicity purposes. 3. SLO Request and Response will be a core use case. 3a. HTTP Redirect will be used (and not soap). 3b. User can initiate from SP or IDP. 3c. Either as a core use case or advanced use case, the IDP SLO may provide the user the list of SPs they are logged into and allow them to logout individually from each SP. 4. MNI new name and terminate will be an advanced use case 4a. Need to decide on HTTP Redirect or SOAP. 4b. User can initiate from SP or IDP. 5. Attribute Query will be an advanced use case. 5a. Need to decide on which attributes should be supported. This includes the ability of changing the data at the IDP site, and then while still logged in at the SP site, being able to retrieve (do an attribute query to the IDP) and obtain the changed information. Some discussion was made of simple attributes that don't require an IDP change feature (e.g., a timer, a counter, clock, etc...) vs. specifying some trivial attributes like bank account balance, favorite color, etc... 5b. The format for attributes would be ...:basic (and not uri) for simplicity purposes. 6. IDP Discovery will be an advanced use case. 7. At minimal , the CD version 3.0 specs and schemas would be used. A set of 3.0a versions was released this week that have some minor changes. Perhaps those should be the default ones used. 8. The Dry Run would possibly include a third day (Friday Feb 4) if this was deemed necessary during the interop. 9. Sampo K. from Symlabs offered to generate certificates for the conference. This is also necessary for the interop. NOTE: it would be ideal if the certs can be generated for the dry run ahead of time and that these same certs could be used at the interop. 10. We will not use encrypted identifiers, attributes, or assertions. ------------------------------------------------------------------------ ------------------------- 3) Following are the meeting notes I had sent out after last week's meeting: Following are key takeaways from our meetng on Wednesday, 12/22: 1) Techncal Lead -Bob Ciochon from Computer Associates has volunteered to be the technical lead for this event. Good news!!! 2) Technical Conference Calls - The recurring Wednesday 6 pm ET conference calls will become Technical calls beginning with the next call on Wednesday, 12/29 - Dial-in information remains the same as previously published 3) Marketing Conference Calls - We need a proposed day of week and time for a recurring Marketing call. People on the marketing list can e-mail me with potential dates times as soon as possible with hope we can get one set up next week. - Brad Meehan from RSA is the Marketing Lead 4) InterOp Demo Dry-Run - Tentatively scheduled for February 2-3 (Wed/TH) in Washington, DC - Andy to follow-up with Enspier/GSA to confirm date/location, plus collect essential travel info (location address, hotels, etc.) 5) Scenarios for Demo - Next technical call will have strong focus on determining Scenarios to use for Demo - Will use the Scenario ranking spreadsheet as a starting point for discussions
SAML2 Features Ranking for InterOp Demo at RSA (vendor responses).xls
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]