
security-services message



Subject: RE: [security-services] New Schedule for SAML 2.0 Standardization


>Eve, please tell me why it's unnecessary to hold an interop event as it's
>unnecessary to have a lot of things (like conformance suite) but the TC
>does? I don't see an interop on schedule or in any discussions. Providing
>interoperability should be a core aspect of every OASIS standard (as this
>is why we do stds).

But "should be" and "is" aren't the same thing. It's not a requirement that
an OASIS specification (probably a preferable term, only a few bodies can
create "standards") undergo anything except a vote to CD, public review,
response, attestations of "use", and submission for final vote (I think
that's the whole list, I'm sure somebody will correct me).

I don't think you can argue that "formal interop event" is part of the
required process, though you can certainly argue it should be.

Also, I assumed the point of requiring attestations is ostensibly to
demonstrate that the spec has been used in some capacity that demonstrates
basic soundness. And that's a precondition for final submission, not CD
approval, unless I'm confused. We could adopt a stricter requirement as to
what constitutes "use", though I'm not sure it's necessary. SAML 1.x did
well enough without it.

>I for one have no idea about the implementation or interoperability issues
>(or non issues) until an interop is done, so it's hard to vote to take what
>we have to CD.

Why? CD doesn't mean it can't be changed, it just has to go back through
review if there's a problem. Getting to CD allows people to implement with
some confidence that the spec won't radically change unless a problem is
found, leading to...interop testing. Will we get enough people testing if we
don't put a stake in the ground?

Plus which, how could one argue that it will take more time to just do
another CD and review cycle than to wait for a formal interop to even get to
CD? Why wait?

>I think that with all the changes in SAML 2.0 that an interop is perfectly
>appropriate.

Not saying I agree or disagree, but I would note that most of the pieces in
their progenitive form have undergone extensive interop testing, in the form
of Liberty. Yes, there are changes, but it's more testing than SAML 1.0 or
1.1 got.

>Are you also saying that I can't bring this issue up now as time has
>passed?

I think the tone was more "why bring this up now, when we've been planning a
CD vote for months?"

-- Scott


