OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-conform message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-conform] notes from conformance subgroup concall on Friday

Title: notes from conformance subgroup concall on Friday

Attendees: Eve Maler, Bob Griffin

        It's been difficult to work out the test cases based on partitions. The problem largely seems to be the overlap of SAML functionality across the partitions, coupled with the increasing depth of SAML functionality (optional elements). So it seemed worthwhile to explore alternatives, at least in terms of establishing test cases and perhaps in terms of defining conformance.

        Based on her docBooks experience, Eve suggested we try putting together a questionnaire that would allow a vendor to define what aspects of SAML they're interested in. We can then base the test cases, and perhaps the conformance, on the assertions and protocol-bindings in the questionnaire.

        I've attached a first cut at such a questionnaire, for the Authentication Assertion. Let me know what you think? I've attached Eve's comments, in this mail. I'll also forward her DocBook example.



ps: i've included in the questionnaire a distinction between "Interoperable Conformance" and "Internal-only conformance". By the latter, I meant an application or implementation that is using SAML assertions itself, but not propagating those assertions outside its environment nor accepting assertions from another environment. I don't know if any implementation or application will be interested in this purely internal use of SAML; but if there is a chance of it, I think we would want to make it clear that the vendor is not claiming interoperability?

-----Original Message-----
From: Eve L. Maler [mailto:eve.maler@sun.com]
Sent: Friday, November 02, 2001 2:41 PM
To: Robert Griffin
Cc: 'Eve L. Maler'
Subject: Re: SAML conformance questionnaire?

It looks great!  I'm not sure how the "Internal Use" section would be
used.  Is this to capture conformance when interoperability is not at
issue?  (Is interoperability a kind of superset of conformance?...)



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC