Hi Dean, >On Jul 17, 2008, at 12:05 PM, Tschofenig, Hannes (NSN - >FI/Espoo) wrote: >>> >>> So here are the questions: >>> >>> 1) Are we getting anywhere, as a WG, with SAML? >> >> I am not sure I fully understand the question. > >Is the SIP WG successfully moving the document along, or is it >stuck in perpetual hold zone? Note that we've slipped the >charter milestone for this draft several times. This is not >the hallmark of good management.
That's indeed true. If I ignore the ongoing SIP Identity discussions then I could finish the document next week. > >>> >>> 2) Is there some other process we should be using that >would be more >>> effective, such as a) a design team leading to AD-sponsored >>> individual or experimental draft, b) a dedicated working group on >>> identity issues such as I have proposed? >> >> One of the reasons for us being slow with the document was the >> dependency on SIP Identity and all the discussions around it during >> the past year or so. SIP SAML is dependent on SIP identity, at least >> it was up to the current version of the specification. >> >> Initially, I was hoping that these discussions would come to a >> conclusion rather soon. As it turns out this wasn't the case. >> >> I am currently leaning towards avoiding the dependency with SIP >> Identity (by using an independent header) and to ignore the >> discussions that happen in SIP identity (SBC issues, E.164 numbers, >> etc.). >> > >Please tell me this doesn't mean you're inventing yet another >identity mechanism for SAML . . . We are re-using the same way how SIP Identity signs the header fields. As such, if the raised issues with SBCs & co are real then the problems would be the same. > > >>> 3) Does the work NEED to be done at all in the IETF? >> >> Is the question focusing on "should this be done at all" or is the >> question "is the IETF the right place for it"? >> > >The latter. Is the IETF the right place for this work? What other organization would you propose? > >>> Is there >>> a constituency of implementation, or are we engaging in a purely >>> academic exercise? >> >> There are implementations. Unfortunately from different versions of >> the draft -- and the draft has changed over time. > >Commercial or widely-deployed free implementations? Or lab >implementations? Lab implementations >> >> Academic exercise: With the current state of deployment >almost all SIP >> security mechanisms are to some degree academic rather than enjoying >> widespread deployment. > >True. There is some pressure to stop putting effort into >security mechanisms that are not being deployed. I can understand that. >> When starting the work I obviously had a different picture >of the next >> steps of the SIP deployment in mind. I was hoping for a more end-to- >> end usage of SIP for things other than voice. The document builds, >> with regard to the functionality, on SIP Identity. If nobody >wants SIP >> Identity then I doubt that they are extremly interested in the >> advanced version of SIP Identity. > >That's a fair statement. > > >>> Perhaps academic publication would >>> be a more appropriate direction if we lack a constituency. >> >> This document is not more or less academic than the rest of the >> documents in the SIP working group. I could list many things >-- but I >> better try to avoid that. Have already upset the GEOPRIV >working group >> today. >> >> If you are, however, asking whether the status of the document is >> correct (currently PS) and whether it should probably experimental >> then I am not so sure. > >Well, the bar to publication as experimental is somewhat lower >than PS. And if we don't expect near-term large-scale >deployment, experimental may be exactly the right track to be >on, as it's also a lot easier to change later once the >implementation experience teaches us what we did wrong. > Maybe that's not a bad idea. Ciao Hannes >-- >Dean > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
