[Concordia] Notes from 19 Feb 2008 Concordia call: note next steps below!
Eve Maler
Eve.Maler at Sun.COM
Tue Feb 19 14:57:58 EST 2008
Notes are up:
http://projectconcordia.org/index.php/Concordia_telecon_19_Feb_2008
(I corrected the spelling of Allen's name on the wiki version...sorry,
Allen!)
On Feb 19, 2008, at 11:15 AM, Eve Maler wrote:
> [I'll put this on the wiki shortly with more links etc. added.]
>
> == Next meeting and next steps ==
>
> Tuesday, 4 March 2008
> 10-11am PT / 1-2pm ET / 6-7pm UK / 7-8pm CET
> US toll-free +1 866 469 3239 or caller-paid +1 650 429 3300
> Code 7860-6951#
>
> We need to know interop participation details and A/V needs by FRIDAY,
> FEBRUARY 29. We will set up the list of interop roles by MONDAY,
> FEBRUARY 25 and will encourage all the interop technical contacts to
> sign up immediately and provide A/V requirements.
>
> == Attending ==
>
> Eve Maler (Sun), Mike Jones (Microsoft), Ari Kermaier (Oracle), Damien
> Carru (Oracle), Allen Schaas (PKMI TC), Britta Glade (LAP), Ashish
> Jain (Ping ID), Scott Cantor (Internet2), Brett McDowell (LAP),
> Shivaram Mysore, Eric Tiffany (LAP), Sampo Kellomaki (Symlabs), Gerry
> Beuchelt (Sun)
>
> == AI roundup ==
>
> Pending:
>
> * Eve to work up a draft of presentation material, and all to review
> and comment. [To be done a bit closer to the event, when the
> participation matrices and scenario details are filled out.]
> * All to collate A/V needs for RSA by the end of February. [Ongoing.]
> * Scott to flesh out the IdP discovery problem wiki page. [Ongoing but
> low priority.]
>
> New this time:
>
> * Eric to create a list of scenario roles and companies participating
> in each one.
> * Mike J. to update the wiki to reflect what was discussed, in the
> "Chained SAML/WS-Federation SSO" area (we need a new wiki page for
> this).
> * Scott and Mike J. to fork the infocard+federation scenario to allow
> for separate SAML and WS-Fed branches.
> * Mike J. to check on the applicable version of WS-Fed that he
> suggests to target.
>
> == Interop participation ==
>
> Looking at the list of tentative participants:
>
> http://projectconcordia.org/index.php/RSA_IOP_Scenarios
>
> Oracle has now confirmed that it will participate, with today's two
> call participants being the technical contacts. CA is still pending.
> Sun's technical contact will be Pat Patterson. Sampo is interested in
> the newly developing WS-Fed/SAML scenario as well as the infocard
> scenarios.
>
> AI: Eric to create a list of scenario roles and companies
> participating in each one.
>
> The Liberty event in Santa Clara, hosted by Sun, in early March was
> discussed as a potential location for a dry run. Some of the RSA
> participants will be around, but there won't be critical mass for a
> true dry run. We'll try to get people together if their intended
> interop roles will line up nicely. We do have space for Concordia
> side-meetings there for the whole week.
>
> We have one more Concordia call on March 4 before the Santa Clara
> event, to give attendees of that event the best chance of exploiting
> the F2F opportunity. We might be able to set up some online testing
> that we can use in that timeframe.
>
> == Report on WS-Fed/SAML2 scenario ==
>
> Mike reports that he executed his AI from the last call to get
> together with tentative participants on the WS-Fed/SAML scenario.
> They met today (MSFT, Sun, Ping ID) and came up with a rough plan.
> Sun needs to first ensure that OpenSSO can issue SAML2 tokens for
> WS-Fed, e.g., and MSFT and Ping also need to do some remedial work.
> Others (e.g. Sampo) would be interested in participating if the wiki
> can be updated soon enough to give them a look. What's new in our
> scenario vs. what's been done in the past, e.g. the Burton
> multi-protocol interop event, is the presence of the SAML2 tokens.
>
> AI: Mike J. to update the wiki to reflect what was discussed, in the
> "Chained SAML/WS-Federation SSO" area (we need a new wiki page for
> this).
>
> We believe this scenario involves WS-Fed SP, WS-Fed IdP, SAML SP, and
> SAML IdP roles, all using SAML2 as their common token format. The
> basic mechanism to achieve this bridging would be proxying. After
> logging into the WS-Fed IdP, the issued SAML2 token could contain
> authn context statements using the Concordia-defined URIs (which means
> we can essentially build a composite scenario that involves the use of
> all of WS-Fed, infocards, and SAML2 protocol).
>
> Eve would like to have a "clean" scenario that deals with WS-Fed and
> SAML in the absence of infocards (in addition to their presence). We
> don't have a lot of time left, so we should have a small set of
> well-defined scenarios. Scott concurs.
>
> == Interop roles for all of the scenarios ==
>
> The infocard+federation scenario bucket seems, according to the wiki,
> to be solely about SAML federation; we haven't focused on details of
> infocards+WS-Fed to date. We will consider interop roles for
> WS-Federation that are parallel to those for SAML in our interop
> participation list/matrix, and then see who signs up. We'll need to
> nail down deployment details for each individual scenario using its
> own set of specific protocols.
>
> AI: Scott and Mike J. to fork the infocard+federation scenario to
> allow for separate SAML and WS-Fed branches.
>
> == RSA logistics ==
>
> Right now we have 220 people signed up for this workshop! The room
> will hold 350-400. We expect additional signups in the next seven
> weeks.
>
> Our plan is to present, for ~60 minutes, the scenarios we've chosen
> and ask deployers for their further input. Then we can break and
> allow people to wander around the different interop stations. Eve and
> Allen are currently signed up to do this presentation. One "interop
> station" may just be a continued interview-type discussion among
> deployers; Eve can run this.
>
> Britta is working on email message #1 to send to the RSA workshop
> attendees who have opted in to share their email info with us. We'll
> mention the confirmed interop participant companies in this email, and
> supply more details in email #2 closer to the event.
>
> == Interop roles ==
>
> We think the following are the possible interop participation roles:
>
> * For the infocards+federation scenarios (all using SAML2 tokens, with
> the exceptions noted below):
>
> ** For the infocards+SAML2 protocol scenario (we also need an
> indication of authn method):
> *** Infocard client (which is also an IdP for self-asserted cards --
> this needs SAML1.1 tokens)
> *** Infocard RP/SAML2 IdP
> *** STS (optional)
>
> ** For the infocards+WS-Fed protocol scenario (we also need an
> indication of authn method):
> *** Infocard client (which is also an IdP for self-asserted cards --
> this needs SAML1.1 tokens)
> *** Infocard RP/WS-Fed IdP
> *** STS (optional)
>
> * For the WS-Fed/SAML2 protocol bridging scenario (using SAML2
> tokens):
> ** WS-Fed1.1 RP
> ** WS-Fed1.1 IdP
> ** SAML2 SP
> ** SAML2 IdP
>
> We should point to the exact specs whose versions we intend to use:
> SAML2, SAML1.1, WS-Fed ?? (Mike will check), infocards (Identity
> Selector Interoperability Profile v1.0).
>
> AI: Mike J. to check on the applicable version of WS-Fed that he
> suggests to target.
>
> Our goal is to get enough detail on the wiki to allow interop
> participants to sign up; once we have coverage of the roles, we can
> get down to the task of fleshing out subject confirmation details,
> metadata usage details, etc. Scott suggests self-signed
> certificates. He notes that there are no callbacks in our scenarios,
> so we don't need to mess with TLS.
>
Eve Maler +1 425 947 4522
Principal Engineer eve.maler @ sun.com
Business Alliances group Sun Microsystems, Inc.