RE: [security-services] FW: SOAP Confidentiality and Integrity: N extStep?

["Hallam-Baker, Phillip" <pbaker@verisign.com>]

Actually the article was written before the journalist in question talked to us.

 

At no time did Microsoft, IBM or VeriSign say anything negative about W3C, in fact quite the opposite.

 

The point here is simply that people have had good experiences with OASIS recently and regardless of what anyone thinks of the SAML specification the speed with which it has been completed has been noted.

 

        Phill

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, June 27, 2002 6:10 PM
To: 'blakley@us.ibm.com'
Cc: 'Hallam-Baker, Phillip'; RL 'Bob' Morgan; OASIS Security Services TC
Subject: RE: [security-services] FW: SOAP Confidentiality and Integrity: N ext Step?

Ok, Bob you caught me. I looked it up and the quote was in an eWeek article here:

 

http://www.eweek.com/article2/0,3959,290627,00.asp

 

The quote I was referring to was:

Eric Newcomer, chief technology officer of Iona Technologies Inc., in Waltham, Mass., and a founding member of the working group that will handle the WS-Security standards effort within OASIS, said from his perspective IBM and Microsoft grew "impatient" with the efforts of the Worldwide Web Consortium (W3C) to deliver a standard around security and Web services.

Newcomer, a member of the W3C Web Services Architecture Working Group, said the group has been trying to create a security working group at the W3C to no avail. "It's hard to do," he said.

However, "I'd say it's a good choice," Newcomer said of the decision to push the standard through OASIS. "They have a good track record" delivering standards, he said.

What I said was:

Actually the Yahoo news article has  a long quote about how they wanted to go to W3C but were rebuffed. So I think that particular bridge is fairly well burnt.

I stand by that. I did not say:

submitted WS-Security to W3C

You did.

However, this all is a distraction form the main point. Which was what I said about the Security JC, which I think all of a sudden will not be a waste of time as I feared.

Hal

-----Original Message-----
From: blakley@us.ibm.com [mailto:blakley@us.ibm.com]
Sent: Thursday, June 27, 2002 6:03 PM
To: Hal Lockhart
Cc: 'Hallam-Baker, Phillip'; RL 'Bob' Morgan; OASIS Security Services TC
Subject: RE: [security-services] FW: SOAP Confidentiality and Integrity: N ext Step?

Hmmm? Which Yahoo news article? I didn't see that quote.

In any event, it is not true that we submitted WS-Security to W3C and it is not true that we were rebuffed.
I know of no reason to believe that any bridge is burnt.

--bob

Bob Blakley (email: blakley@us.ibm.com phone: +1 512 286-2240 fax: +1 512 286-2057)
Chief Scientist, Security and Privacy, IBM Tivoli Software

To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>, "RL 'Bob' Morgan" <rlmorgan@washington.edu>, OASIS Security Services TC <security-services@lists.oasis-open.org>
cc:
Subject: RE: [security-services] FW: SOAP Confidentiality and Integrity: N ext Step?





Actually the Yahoo news article has  a long quote about how they wanted to go to W3C but were rebuffed. So I think that particular bridge is fairly well burnt.

One thing a lot of people haven't realized yet is that the new TC will have to liaison with the Security JC. So we will have a pretty good forum for achieving cooperation amongst the several Security TCs. If they had gone to W3C, we would have had to try to establish liaison with each TC individually, if at all.

Hal

> -----Original Message-----
> From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
> Sent: Thursday, June 27, 2002 1:15 PM
> To: RL 'Bob' Morgan; OASIS Security Services TC
> Subject: RE: [security-services] FW: SOAP Confidentiality and
> Integrity:
> N ext Step?
>
>
> No, I don't think we can say that. However the chances
> of the W3C membership approving a direct competitor to
> WS-Security are negligible.
>
>               Phill
>
> > -----Original Message-----
> > From: RL 'Bob' Morgan [mailto:rlmorgan@washington.edu]
> > Sent: Thursday, June 27, 2002 12:41 PM
> > To: OASIS Security Services TC
> > Subject: Re: [security-services] FW: SOAP Confidentiality and
> > Integrity:
> > Next Step?
> >
> >
> >
> > Does the submission of the WS-Security specs to OASIS (and
> the meeting
> > announced by Phill) mean that there will *not* be a "web services
> > security" activity chartered within the W3C?
> >
> >  - RL "Bob"
> >
> > ---
> >
> > > -----Original Message-----
> > > From: Joseph Reagle [mailto:reagle@w3.org]
> > > Sent: Tuesday, June 18, 2002 1:24 PM
> > > To: www-ws-arch@w3.org
> > > Cc: xml-encryption@w3.org; 3.org@w3.org; www-xkms@w3.org
> > > Subject: SOAP Confidentiality and Integrity: Next Step?
> > >
> > >
> > >
> > >
> > > This email is a final step in a thread in how to start work
> > on providing
> > > confidentiality and integrity for SOAP messages. I've
> > discused a range of
> > > security issues [1] with a conclusion that this topic
> > (soap+xmldsig+xenc)
> > > is most pressing; however, I was not able to find agreement
> > that this issue
> > > should be shoe-horned into an existing WG, instead it
> > should be part of the
> > > Web Services security. [2]
> > >
> > > Though I'm relatively ignorant of the ws-arch discussions,
> > I've heard the
> > > ws-arch WG is considering this issue and will try to have charters
> > > available for work in July [3], but that the immediate
> > issue might also be
> > > delayed be consideration of the bigger issues.
> > Consequently, I'd recommend
> > > that a charter for work in the WS Activity be specified
> > with a scope no
> > > larger than [4] -- and potentially more narrow (e.g.,
> > without tokens). A
> > > "web services security" community does not yet exist (or it
> > does, but it's
> > > fragmented) and starting work on this immediately not only
> > commences with
> > > the work, but helps build a community which then can
> > contribute to the
> > > larger discussion. For instance, because standardized
> > security components
> > > do not yet exist, specifications such as XKMS [5] may end
> > up specifying
> > > "one-off" versions in the short term. However, these could
> > be contributed
> > > to the WS work. We all know somebody who knows somebody who
> > is in the other
> > > WG, but sometimes that isn't quite enough. <smile/>
> > >
> > > In conclusion, I advocate a charter with specific and
> > immediate terms, and
> > > an active recruitment of participants. Please let me know
> > if and how events
> > > are likely to be otherwise. Thanks!
> > >
> > >
> > > [1]
> http://lists.w3.org/Archives/Member/w3c-ac-forum/2002AprJun/0022.html
> > [2]
> http://lists.w3.org/Archives/Public/www-xenc-xmlp-tf/2002Jun/0002.html
> > [3] http://www.w3.org/2002/05/28-ws-cg-irc.txt
> > [4]
> >
> http://www-106.ibm.com/developerworks/security/library/ws-secu
re/?dwzone=sec
> urity
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
> html/ws-security.asp
> [5] http://lists.w3.org/Archives/Public/www-xkms/2002Jun/0016.html
>
>
> --
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>