On Jul 17, 2008, at 12:05 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
So here are the questions:
1) Are we getting anywhere, as a WG, with SAML?
I am not sure I fully understand the question.
Is the SIP WG successfully moving the document along, or is it stuck
in perpetual hold zone? Note that we've slipped the charter milestone
for this draft several times. This is not the hallmark of good
management.
2) Is there some other process we should be using that would
be more effective, such as a) a design team leading to
AD-sponsored individual or experimental draft, b) a dedicated
working group on identity issues such as I have proposed?
One of the reasons for us being slow with the document was the
dependency on SIP Identity and all the discussions around it during
the
past year or so. SIP SAML is dependent on SIP identity, at least it
was
up to the current version of the specification.
Initially, I was hoping that these discussions would come to a
conclusion rather soon. As it turns out this wasn't the case.
I am currently leaning towards avoiding the dependency with SIP
Identity
(by using an independent header) and to ignore the discussions that
happen in SIP identity (SBC issues, E.164 numbers, etc.).
Please tell me this doesn't mean you're inventing yet another identity
mechanism for SAML . . .
3) Does the work NEED to be done at all in the IETF?
Is the question focusing on "should this be done at all" or is the
question "is the IETF the right place for it"?
The latter. Is the IETF the right place for this work?
Is there
a constituency of implementation, or are we engaging in a
purely academic exercise?
There are implementations. Unfortunately from different versions of
the
draft -- and the draft has changed over time.
Commercial or widely-deployed free implementations? Or lab
implementations?
Academic exercise: With the current state of deployment almost all SIP
security mechanisms are to some degree academic rather than enjoying
widespread deployment.
True. There is some pressure to stop putting effort into security
mechanisms that are not being deployed.
When starting the work I obviously had a different picture of the next
steps of the SIP deployment in mind. I was hoping for a more end-to-
end
usage of SIP for things other than voice. The document builds, with
regard to the functionality, on SIP Identity. If nobody wants SIP
Identity then I doubt that they are extremly interested in the
advanced
version of SIP Identity.
That's a fair statement.
Perhaps academic publication would
be a more appropriate direction if we lack a constituency.
This document is not more or less academic than the rest of the
documents in the SIP working group. I could list many things -- but I
better try to avoid that. Have already upset the GEOPRIV working group
today.
If you are, however, asking whether the status of the document is
correct (currently PS) and whether it should probably experimental
then
I am not so sure.
Well, the bar to publication as experimental is somewhat lower than
PS. And if we don't expect near-term large-scale deployment,
experimental may be exactly the right track to be on, as it's also a
lot easier to change later once the implementation experience teaches
us what we did wrong.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
