OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: conformance testing for SAML 1.1 and SAML 2.0?

With the standardization of SAML 2.0 now complete, I would like to bring to your attention the issue of conformance testing of SAML 1.1 and SAML 2.0 implementations.
While there have been a number of implementations of SAML 1.1 and several planned for SAML 2.0, we do not at this time have any means of testing for conformance. This means that we have currently no way to determine whether or not a claimed implementation has fully implemented all of the many MUSTs and MUST NOTs that we have taken great care to include in our specification. 
The core issue is what role, if any, should the TC play in specifying or managing SAML conformance. My suggestion would be that the TC manage a detailed spreadsheet or conformance test suite derived from the specification as the "official" statement of conformance. Vendors could then build test suites that implement the conformance test suite.
To progress in this direction, we would need at least one or two participants to become "champions" for this effort, and, also figure out the appropriate logistics. For example, is there a need for a sub-group to work on this issue and report back to the TC or should it take place within the full TC?
Of course, the major task is for TC participants to first decide what role we should play in this area. The goal of this message is to get that discussion started.
- prateek

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]