OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: IMPORTANT - Solicitation of implementation attestations for SAML 2.0

Hi folks,


At the upcoming 09-Nov SSTC con-call (4 weeks from today) we plan to vote to reaffirm the CD-02 documents as SSTC Committee Draft specifications and presumably vote to officially submit SAML 2.0 to OASIS for standardization. Assuming successful votes, the SSTC chairs must provide submission documents to the OASIS TC administrator by 15-Nov. As part of this submission, we must provide OASIS with statements from at least 3 member organizations certifying that they are successfully using the V2.0 specifications.  Without the attestations, we CAN NOT SUBMIT the V2.0 specifications to OASIS for standardization. If we miss the 15-Nov date, our submission will be delayed at least one month. 


Thus, Prateek and I need everyone that has “successfully used” the V2.0 specifications to PLEASE provide us with a statement indicating that fact. In accordance with OASIS guidelines, attestations must be made publicly to the SSTC mailing list.


We'd like to ask that everyone that can do so provide these statements AS SON AS POSSIBLE and not wait until right before the deadline.


The following statement identifies the OASIS position on defining the term "successfully using".  It is taken from:




Certification by at least three OASIS member organizations that they are successfully using the specification. (Despite numerous requests, the OASIS TC Administrator feels it is not in the TC's best interests to further define the meaning of "successfully using". The implementation could really be anything from prototypes or proof of concept all the way up to shrink-wrapped software. Defining this further would only restrict the definition and make it harder for member organizations to say that they are successfully using the specification.) This certification can be in the form of a simple statement in email from a company representative, e.g. "I certify that XYZ company is successfully using...." The implementers must also certify that their implementations comply with known IP encumbrances (see IPR below). The submission should include the URLs of these mail messages in the TC's email archive.



IPR declarations that affect SAML are described at:



Thanks for your attention to this required step in the V2.0 submission process.



Rob Philpott
Senior Consulting Engineer 
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]