OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: IMPORTANT - Solicitation of implementation attestations

Hi folks,


At the 1-July con-call we plan to vote to reaffirm the documents as SSTC Committee Specifications and vote to officially submit V1.1 to OASIS for standardization. Assuming we achieve successful votes, the SSTC chairs must provide submission documents to the OASIS TC administrator by 15-July. As part of this submission, we must provide OASIS with statements from at least 3 member organizations certifying that they are successfully using the V1.1 specifications.


Without the attestations, we CAN NOT SUBMIT the V1.1 specifications to OASIS for standardization. If we miss the 15-July date, our submission will be delayed at least one month. 


Thus, Prateek and I need everyone that has successfully used the V1.1 specifications to PLEASE provide us with a statement indicating that fact. If your organization does not wish to have your attestation made public, just send them to Prateek and myself instead of the list.  We must provide them as part of the submission to OASIS, but it is our understanding that the TC process does not explicitly require them to be made public and we'll honor your request to not announce it to the list.


We'd like to ask that everyone provide these statements as soon as possible and not wait until right before the deadline.


The following statement identifies the OASIS position on defining the term "successfully using".  It is taken from:




Despite numerous requests, the OASIS TC Administrator feels it is not in the TC's best interests to further define the meaning of "successfully using". The implementation could really be anything from prototypes or proof of concept all the way up to shrink-wrapped software. Defining this further would only restrict the definition and make it harder for member organizations to say that they are successfully using the specification.) This certification can be in the form of a simple statement in email from a company representative, e.g. "I certify that XYZ company is successfully using...." The implementers must also certify that their implementations comply with known IP encumbrances (see IPR below).



Note that the only IPR encumbrance that affects SAML at this point is described in:



Thanks for your attention to this required step in the V1.1 submission process.

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]