Subject: RE: [security-services] Comment on SAML implementations and their inter-op properties
I think we have all been somewhat distracted with a whole range of issues at the time this message appeared.

http://burtongroup.com/weblogs/danielblum/

The key part is:

"1) OASIS, or an appropriate third party, should arrange for a reference implementation, or test harness, of SAML to be created against which all implementers can freely test over the network. This alone may be sufficient to solve the brunt of the interoperability issue, and it should be possible to create such an implementation using OpenSAML or SourceID in less than 90 days. As a follow up OASIS or an appropriate third party could also arrange for recurring interoperability testing events similar to those Liberty Alliance has announced."

I would like to see this discussed further within the TC and explore how to support this. We should begin with SAML 1.X and consider also how we will support SAML 2.0 in the future.

With SAML 1.0 in substantial deployment, Netegrity is now receiving inputs on some of the problems with it. And one of the simplest is: how do we know whether your products will inter-operate with vendor X? Or, we had such and such problem and we think it's because you guys made a mistake in the ZZZ profile of SAML.

There is also an emerging "perception" problem --- these SAML guys aren't serious about on-the-wire interoperability, or they want to sell consulting services or something. All of this is going to dilute the value of SAML 1.X today and SAML 2.0 going forward.

Some kind of certification claim would really help with deployment. It would also genuinely separate the situations where consulting is needed versus basic inter-operability.

It doesn't have to be a big formal procedure with lots of organizations involved. For example, some vendors are supporting SAML toolkits. Would there be interest amongst vendors to sponsor a third-party to create a test-suite around the two web browser profiles in SAML 1.X and make them available to the community? The SAML toolkit vendor gets the glory and the community gets a test harness. But some investment would need to be made to build the test harness and host it etc.

- prateek

-----Original Message-----
From: Eve L. Maler [mailto:eve.maler@sun.com]
Sent: Monday, November 10, 2003 1:58 PM
To: 'security-services@lists.oasis-open.org'
Subject: Re: [security-services] Comment on SAML implementations and their inter-op properties

Interesting and timely feedback. The issue of working on a test suite came up in the September meeting, but we didn't get very far with it. Perhaps we should see if Daniel Blum's exhortation makes it more attractive for some SAML participants to take on this resource-intensive task. At the least, should we be planning additional interop events for various scenarios?

Regarding having a "must-implement profile": This seems a little weird to me if you look at the entire range of possible and existing profiles, though if we couched it in terms like "*If you're doing SSO*, you must support XYZ profile" it would make more sense. We discussed this idea very early on; maybe it's time to revisit it.

Regarding "cookbook" material, we are indeed creating more outreach materials, including executive and technical overviews and the FAQ. Maybe we (John Hughes and I?) should contact Daniel about this and offer the opportunity to review and make suggestions.

Eve

Mishra, Prateek wrote:
> http://burtongroup.com/weblogs/danielblum/
>
> - prateek
>
> Prateek Mishra
> Director, Tech&Arch
> Netegrity
>
> p: 781-530-6564
> c: 617-875-4970

--
Eve Maler +1 781 442 3190
Sun Microsystems cell +1 781 354 9441
Web Products, Technologies, and Standards eve.maler @ sun.com

To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php.