Last year's interop spec and final report

["Philpott, Robert" <rphilpott@rsasecurity.com>]

FYI...

Rob Philpott
Senior Consulting Engineer 
RSA Security Inc. 
Tel: 781-515-7115 
Mobile: 617-510-0893 
Fax: 781-515-7020 
mailto:rphilpott@rsasecurity.com


> -----Original Message-----
> From: Andy Moir [mailto:andy.moir@oasis-open.org]
> Sent: Wednesday, January 05, 2005 1:20 PM
> To: sampo@symlabs.com
> Cc: samldemotech@lists.oasis-open.org; samldemoprimary@lists.oasis-
> open.org; Robert.ciochon@ca.com; 'Shin_Adachi'
> Subject: SAML Demo 1/5 Technical Meeting - Decide on Use Cases
> 
> Weekly Technical Conference Calls
> 6 pm ET each Wedneaday
> Dial-in: 781-515-2321
> Conference Password: 1208
> Dial-in and password is the same every week
> 
> 
> -----Original Message-----
> From: sampo@symlabs.com [mailto:sampo@symlabs.com]
> Sent: Wednesday, January 05, 2005 9:06 PM
> To: andy.moir@oasis-open.org
> Cc: samldemotech@lists.oasis-open.org;
> samldemoprimary@lists.oasis-open.org; Robert.ciochon@ca.com;
> 'Shin_Adachi'
> Subject: Re: SAML Demo 1/5 Technical Meeting - Decide on Use Cases
> 
> 
> Andy Moir writes:
> > During the 1/5 Technical Meeting we will need to finalize what use
> > case
> 
> I have not seen any mail announcong this conf call. What time? What
> number? What pin code?
> 
>  --Sampo
> 
> > will be included in the SAML 2.0 InterOp Demo.  Please plan to
attend
> > and be prepared to determine which cases we should use so that we
can
> > be sure that we have received input from a majority of participants.
> >
> > Included in this e-mail are:
> > 1) Notes from 12/29 Technical Call
> > 2) Notes from 12/22 Technical Call from Thomas Wisniewski at Entrust
> > 3) My Key Takeaways e-mail for the 12/22 meeting
> > 4) SAML 2 Features Ranking Excel Spreadsheet - Vendor rankings of
> > which use cases they prefer to use
> >
> > Andy Moir
> > 412-213-0338 Work
> > 412-848-1545 Cell
> > andy.moir@oasis-open.org
> >
> >
======================================================================
> > ==
> > ================================
> >
> >
> > 1) 12/29 Meeting Notes
> > ----------------------
> > - Very limited attendance so we agreed that use cases would need to
be
> 
> > finalized at 1/5 meeting.
> > - Dave Silver at Enspier expressed his concern that we have not yet
> > nailed down which use cases we will be using in the demo.  He and
> > Terry will be looking for group to nail down final list during 1/5
> > meeting so that they can help define scenarios for the InterOp
> > - Single Sign on and Single Logout have the highest rankings based
on
> > vendor responses (see attached spreadsheet). We discussed again
having
> 
> > tiers of use cases.
> > - Tom volunteered to send his notes from 12/22 meeting since I had
> > focused on key takeaways, while he had captured some of the
discussion
> 
> > points that may help us nail down use cases during next meeting.
> > - We need to get someone to volunteer to take minutes at each
meeting
> > - Dave Silver is needs to get final confirmation that we can use the
> > GSA E-Authentication Interop Lab for February 2-3 (and 4 if
> > necessary).  He should have final decision by 1/5 meeting.
> >
> >
> >
> > 2) December 22 (last week) Meeting Notes courtesy of Thomas
Wisniewski
> 
> > at Entrust
> >
----------------------------------------------------------------------
> > --
> > ------
> > 1. For Soap calls (e.g., if Artifact Resolution is used ala
> > Browser-Artifact, or for Attribute Queries), the security model that
> > will be used is Basic Authentication with SSL (i.e., bullet 2 in
> > SamlConform section 3.5).
> >    1a. We should decide on ids/pwds ahead of time.
> >
> > 2. SSO AuthnRequest and Response will be a core use case.
> >    2a. Either Post or Artifact will be used (only one).
> >    2b. The user will most likely be able to start at either the IDP,
> > SP, or some other common site (to be discussed).
> >    2c. The ability to return attributes in the Response (similar to
> > last year). This was mentioned but nothing agree to.
> >    2d. The use of persistent name identifiers (seemed to be the
common
> > choice) based on the fact that this is one of the most interesting
> > things in Saml 2.0 -- but nothing was agreed to. Persistent name
> > identifiers includes ID Federation as part of the
> > AuthnRequest/Response protocols.
> >    2e. The format for attributes would be ...:basic (and not uri)
for
> > simplicity purposes.
> >
> > 3. SLO Request and Response will be a core use case.
> >    3a. HTTP Redirect will be used (and not soap).
> >    3b. User can initiate from SP or IDP.
> >    3c. Either as a core use case or advanced use case, the IDP SLO
may
> 
> > provide the user the list of SPs they are logged into and allow them
> > to logout individually from each SP.
> >
> > 4. MNI new name and terminate will be an advanced use case
> >    4a. Need to decide on HTTP Redirect or SOAP.
> >    4b. User can initiate from SP or IDP.
> >
> > 5. Attribute Query will be an advanced use case.
> >    5a. Need to decide on which attributes should be supported. This
> > includes the ability of changing the data at the IDP site, and then
> > while still logged in at the SP site, being able to retrieve (do an
> > attribute query to the IDP) and obtain the changed information.
Some
> > discussion was made of simple attributes that don't require an IDP
> > change feature (e.g., a timer, a counter, clock, etc...) vs.
> > specifying some trivial attributes like bank account balance,
favorite
> 
> > color, etc...
> >    5b. The format for attributes would be ...:basic (and not uri)
for
> > simplicity purposes.
> >
> > 6. IDP Discovery will be an advanced use case.
> >
> > 7. At minimal , the CD version 3.0 specs and schemas would be used.
A
> > set of 3.0a versions was released this week that have some minor
> > changes. Perhaps those should be the default ones used.
> >
> > 8. The Dry Run would possibly include a third day (Friday Feb 4) if
> > this was deemed necessary during the interop.
> >
> > 9. Sampo K. from Symlabs offered to generate certificates for the
> > conference. This is also necessary for the interop. NOTE: it would
be
> > ideal if the certs can be generated for the dry run ahead of time
and
> > that these same certs could be used at the interop.
> >
> > 10. We will not use encrypted identifiers, attributes, or
assertions.
> >
> >
----------------------------------------------------------------------
> > --
> > -------------------------
> > 3) Following are the meeting notes I had sent out after last week's
> > meeting:
> >
> > Following are key takeaways from our meetng on Wednesday, 12/22:
> >
> > 1) Techncal Lead
> > -Bob Ciochon from Computer Associates has volunteered to be the
> > technical lead for this event. Good news!!!
> >
> > 2) Technical Conference Calls
> > - The recurring Wednesday 6 pm ET conference calls will become
> Technical
> > calls beginning with the next call on Wednesday, 12/29
> >
> > - Dial-in information remains the same as previously published
> >
> > 3) Marketing Conference Calls
> > - We need a proposed day of week and time for a recurring Marketing
> > call.  People on the marketing list can e-mail me with potential
dates
> > times as soon as possible with hope we can get one set up next week.
> >
> > - Brad Meehan from RSA is the Marketing Lead
> >
> > 4) InterOp Demo Dry-Run
> > - Tentatively scheduled for February 2-3 (Wed/TH) in Washington, DC
> > - Andy to follow-up with Enspier/GSA to confirm date/location, plus
> > collect essential travel info (location address, hotels, etc.)
> >
> > 5) Scenarios for Demo
> > - Next technical call will have strong focus on determining
Scenarios
> to
> > use for Demo
> > - Will use the Scenario ranking spreadsheet as a starting point for
> > discussions
> >
> >
> 
> 
> 
> ....................................................................
> Sampo Kellomaki ---> Chief Architect ---> DirectoryScript
> M: +351-918.731.007  F: +351-213.422.185  W: www.symlabs.com Customize
> directories -> LDAP SOAP Liberty SIP -> Directory Extender
>

RSA2004-saml-interop-final.doc