* pick note taker and adjust agenda.
* Catalyst planning?
* experience adding Information Card support to testshib.org
* OSIS as part of testing/certification spectrum for many protocols
* your burning item here
- RL "Bob"
To join an ICF HiDef Conferencing call, dial one of the following
1) Skype Number: +9900827047990866
(this will connect you directly to the conference room)
2) US Toll Number: +1-201-793-9022 7990866#
3) Canada Toll Number: +1-416-800-8948 7990866#
4) US/Canada Toll-free Number: +1-888-350-0075 7990866#
(please use ONLY if you cannot connect via Skype or a toll number above -
ICF has a fixed allotment of tollfree minutes each month):
5) International Toll Number (follow this with the Conference Room
Austria (0820 401 15470)
Belgium (0703 57 134)
France (0826 109 071)
Germany (0180 500 9527)
Ireland (0818 270 968)
Italy (848 390 177)
Spain (902 885 791)
Switzerland (0848 560 397)
United Kingdom/Northern Ireland (0870 0990 931)
Commands active during the call:
*1 Receive a list of commands
*2 Mute or unmute yourself
*5 Hear the number of attendees
*9 Raise your hand to ask a question (in lecture mode)
I was differentiating that from the sort of product certification
testing that Liberty has undertaken.
That is not to say that there may not be a market for someone
(Kantara) to do that.
The question was around the OIDF wanting to certify compliant
products, like Liberty has with SAML and the ICF may do around
We are hoping to have a face to face discussion around the roles of
the two organizations at Burton Catalyst.
On 29-Jun-09, at 7:19 PM, David Recordon wrote:
> The OpenID Foundation certainly see the value in interop testing
> which is why we've been funding work within OSIS over the past year.
> On Jun 29, 2009, at 12:59 PM, Drummond Reed wrote:
>> Notes from the OSIS call June 29 2009, 3PM EDT, noon PDT US
>> Bob Morgan
>> John Bradley
>> Tony Nadalin
>> Drummond Reed
>> Dale Olds
>> Paul Trevithick
>> 1) CATALYST MEETING
>> Bob suggested that, even though we don't have a formal event planned at
>> Catalyst, we should have an OSIS group meeting. The group agreed.
>> Concordia meetings on Monday, Tuesday was likely to be the best day.
>> # BOB will send an email to the list suggesting a time, most likely on
>> 2) TESTSHIB.ORG
>> Bob explained that Shibboleth originally supported SAML 1.1, then 2.0, and
>> in both cases became a de facto testbed for both. Now the same is
>> with Information Cards.
>> Bob said that their testing software includes a self-signed cert, chosen for
>> expediency because there is much other software running on the site (using a
>> commercial cert would have required a wildcard). CardSpace currently stops
>> dead when it encounters a self-signed cert. He reported on their
>> that DigitalMe on Safari also had some issues, vs. DigitalMe on
>> Firefox. The
>> suggestion was to report these issues to the list.
>> There was also discussion of different behaviours with different
>> on Windows 7. That is going to add an entire new dimension to the
>> 3) MULTI-PROTOCOL TESTING
>> Bob said he had a talk with Brett last week about multi-protocol
>> Liberty has done quite a bit of work with SAML and "market-driven
>> OSIS has focused more on Information Cards and OpenID and
>> "engineering-driven testing".
>> They discussed the potential to bring these together (which resulted in
>> rumors that OSIS was going to start a Kantara Working Group).
>> We discussed what the vision of a combined interop testing/
>> testing/certification program might look like. Bob suggested that OSIS could
>> expand its interop testing to include SAML, and that this could be
>> jumpstarted by a contribution of the testing materials from Liberty.
>> Dale pointed out that the level of interop achieved in actual
>> Information Card and OpenID products was still very poor despite the
>> existence of the current ad hoc OSIS tests. He felt that it would take the
>> introduction of a certification mark by the Information Card Foundation and
>> OpenID Foundation tied to passage of an OSIS test suite to really
>> John pointed out that the OpenID Foundation charter explicitly puts
>> certification testing outside the scope of the foundation.
>> By contrast, Drummond said he believed the Information Card Foundation would
>> be very interested in such a program, because interop testing and
>> certification is definitely in scope and becoming more of a priority.
>> So the prospect of multiple communities coming together to develop a program
>> for testing across the Big Three protocols (SAML, Information Cards, OpenID)
>> is something that appears to be of growing interest. It would also
>> address the issue of resources for OSIS - it is currently running on a
>> We agreed that this would be a good central topic for the Catalyst
>> and that it would likely justify a longer meeting, i.e., 2-4 hours on
>> 4) STORK AND SAML HOLDER-OF-KEY PROFILE
>> John explained that at the EEMA meeting in London last week, and the special
>> STORK industry meeting that followed it, we learned that STORK is
>> in using the OASIS SSTC's SAML Holder-Of-Key profile for cross-border
>> secured exchange.
>> John explained that to have this successfully work with browsers
>> require changes in the browsers. It will also involve OSIS expanding its
>> interop work to a larger EU audience.
>> 5) ISSUE OF HOW TO IDENTIFY AN INFORMATION CARD ISSUER
>> John asked the current status of this discussion on the mailing list. Bob
>> and Scott explained that it's not necessarily complete, and the question has
>> moved to where this work should be done and specified. Scott suggested it
>> may be IMI 1.1.
>> Bob pointed out that this issue is not Information Card specific -- all of
>> these protocols deliver a set of security options to applications that many
>> applications do not know how to use. So developing and recommending
>> practices is critically important.
>> Bob and Scott pointed out their experience with Shibboleth: if you
>> examples with the code, and they are not robust, you end up with RPs that
>> implement these non-robust examples anyway. So example code, and the
>> practices it embodies, is extremely significant.
>> So this is still open and is possibly another topic for the OSIS F2F meeting
>> at Catalyst.
>> You received this message as a subscriber on the list:
>> To be removed from the list, send any message to:
>> For all list information and functions, see: