emergency-comment message

Subject: RE: [emergency-comment] RE: [CAP] RE: CAP-list digest, Vol 1 #60 - 3 msgs
From: "Bob Wyman" <bob@wyman.us>
To: "'Rex Brooks'" <rexb@starbourne.com>, <awyke@blue292.com>
Date: Fri, 5 Mar 2004 13:46:23 -0500
Rex,
	I seem to have unintentionally done something to upset you...
Please accept my sincere apologies if I have done something wrong by
sending comments relevant to the Emergency Management TC to the
Emergency Management TC's public comment and discussion list. If there
is a more appropriate forum for making comments and asking questions
about CAP, I would appreciate it very much if you could direct me to
it.
	Please be aware that I have been copying my comments to the
emergency-comment list at the explicit request of Allen Wyke who
represents himself as being "Chair of the TC." In mail to me on March
2, he wrote: "as Chair of the TC, I would LOVE to have you cc: these
to the EM TC public comment list". Mr. Wyke seems to be listed on the
OASIS site as the current chair of the group and thus, I accepted his
apparent authority to make the request. see:
(http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=emergency)
Your own mail to the list on Mar 2 seems to indicate that Allen, is,
in fact, the chair even though he is on vacation. If Allen Wyke is
*not* the chairman of the TC, or, if he no longer wishes me to copy
comments to the list, I would very much appreciate knowing this.

You wrote:
> a specification COULD be accepted as a valid submission for 
> OASIS-wide approval as a standard without having demonstrated
> interoperability by having at least three member companies 
> vouch for having used the specification successfully.
	After over 25 years of experience with standards groups, I am
well aware that not all groups require that interoperability be
demonstrated prior to standardization. However, please note that I did
not state such a requirement in my message. I only stated that given
the lack of specification for authentication in the current draft of
CAP, it would be, in my opinion, exceptionally unlikely that two or
more independent interoperating implementations could be created. You
may be correct in stating that this inability to produce interoperable
implementations is not sufficient to block acceptance of the CAP
specification by OASIS. It would not be the first time that such a
standard had been defined.

		bob wyman

-----Original Message-----
From: Rex Brooks [mailto:rexb@starbourne.com] 
Sent: Friday, March 05, 2004 1:57 PM
To: bob@wyman.us; 'Rex Buddenberg'; aschroeder@sharptechnology.com
Cc: cap-list@incident.com; emergency-comment@lists.oasis-open.org
Subject: [emergency-comment] RE: [CAP] RE: CAP-list digest, Vol 1 #60
- 3 msgs


You should remember if you continue to post to the public comment 
list, that we have constrained ourselves from responding officially, 
but I definitely object to this characterization, because it gives a 
wholly wrong impression to anyone who has not already taken the time 
and effort to understand the TC process that a specification COULD be 
accepted as a valid submission for OASIS-wide approval as a standard 
without having demonstrated interoperability by having at least three 
member companies vouch for having used the specification 
successfully. As I said before, I am postponing responding to the 
public comment list until after our next TC meeting, so please don't 
expect an answer from this list. I have joined the CAP list, and I 
may or may not respond there.

Ciao,
Rex

At 12:21 PM -0500 3/5/04, Bob Wyman wrote:
>Rex Buddenberg wrote:
>>  The technical authenticity hooks are all in CAP, but
>>  that doesn't prohibit a hoaxter (but it may make him
>>  less anonymous than predecessor systems).
>	I can't see the "hooks" that you say are in CAP. CAP seems to
provide 
>only a single, optional, clear-text password field as a means for 
>authentication and although it mentions WS-Security, there is no 
>discussion in the specification of how WS Security would be used in 
>CAP. There is certainly not enough information here to produce 
>independent interoperable solutions.
>	Could you please be more specific about where the "hooks" for 
>authentication are? Also, can you present an example of a CAP message

>that uses any of these "hooks"?
>
>		bob wyman
>
>
>To unsubscribe from this list, send a post to
>emergency-comment-unsubscribe@lists.oasis-open.org, or visit 
>http://www.oasis-open.org/mlmanage/.


-- 
Rex Brooks
GeoAddress: 1361-A Addison, Berkeley, CA, 94702 USA, Earth
W3Address: http://www.starbourne.com
Email: rexb@starbourne.com
Tel: 510-849-2309
Fax: By Request
References:
- [emergency-comment] RE: [CAP] RE: CAP-list digest, Vol 1 #60 - 3msgs
  - From: Rex Brooks <rexb@starbourne.com>