Concordia telecon 1 Apr 2008
From Project Concordia
Contents |
Attendance
Eve Maler (Sun), Damien Carru (Oracle), Ari Kermaier (Oracle), Eric Tiffany (Liberty), Ashish Jain (Ping), Dervla O'Reilly (Liberty), Pat Patterson (Sun), Vijay Simha (FuGen), Mike Jones (Microsoft), Caleb Baker (Microsoft), Scott Cantor (Internet2), Brett McDowell (Liberty), Sampo Kellomaki (SymLabs)
Workshop logistics
Dervla reviewed the logistics she just sent out to the list. We are located in Red Room 302, Moscone Center North/South, Esplanade level. We will have access beginning Sunday at 1pm. You need a badge (conference or expo) to get into this area! Hopefully you've already registered!
See the signage banners here: banner 1, banner 2
Directional boards will be placed in high traffic on Monday for attendees (no logos on these signs). We discussed per-table signs; we hadn't planned on per-table signage, but then realized we needed a way to distinguish each table! Dervla will print simple 8.5x11 pages with participant logos and get plastic stands.
See the Moscone Center floorplan.
If you have questions or issues, Dervla's mobile is 415-948-3650.
Interop participants will be expected to come up and do a quick demo at the podium, in alphabetical order. They should each count on a "time budget" of about 15 minutes total for setup, demos, and any slides or other presentation material, assuming the initial talk lasts an hour. Participants should be prepared with any special video conversion dongles they might need. The New Zealand State Services Commission will present as an "honorary" demo participant; they have been doing an InfoCard+SAML POC and have some lessons to share.
Endpoints
We have five up so far: Microsoft, Oracle, Internet2, Ping Identity, SymLabs: RSA IOP Endpoints
Pat reports that Sun is working on its endpoints with a target of the end of the week.
Scott asks: Are people going to be able to demo against other people's IdPs? Pat says that's his goal.
Ashish asks: Are the managed cards going to have the appropriate choice among the five "authentication context" claim types in them? Successful interop should result in only a card with the requested authn claim type being selectable. This isn't quite working yet as far as we can see, but people are working on it. Caleb wasn't planning on putting this into wauth but will try.
What version of WS-Federation is being targeted in the Microsoft implementation? Caleb will get a definitive answer today. The wreply vs. wrealm usage raises a question about our original reasoning on this. The wiki currently says WS-Fed 1.1, but the namespace is more like the Passive Interop Profile version. It's not useful to document too thoroughly what we had to do to get the interop to work next week, because many participants are using developer builds rather than shipping products, but the interop work is useful to highlight issues that need to be solved by ship-time.
Please send Eve any corrections to the participation matrix because this appears in the slides.
Side-discussion of how to represent Levels of Assurance
Eric has been working on a proposal for a SAML profile that uses the authentication context data structure for conveying levels of assurance. But the input from Scott is that people tend to use attributes today instead, partly because it's easy to parse and partly because it's multi-valued in some cases. Eve suggests that maybe a better approach, learning from this, is an attribute profile.
Next meeting
We'll have a two-hour meeting 10am-noon PT on April 22 to digest what we learned at the workshop.
And if anyone feels the need for a quick call on Friday as things get down to the wire, let Eve know!
