Re: [security-services] Re: Last-call drafts and call for reviewnow available on website

["Karl F. Best" <karl.best@oasis-open.org>]

Rob:

You're correct in that the Public Review is optional before the TC 
finally approves the spec as a Committee Draft *if* that CD is not going 
to be submitted for consideration as an OASIS Standard. If the CD is 
going to be submitted then there must be a public review. But as what is 
sent out for public review must be approved first as a CD, maybe where 
we're at is the first CD approval.

We do it like this: 1) approve as CD, 2) public review, 3) revise, 4) 
reapprove as CD, 5) vote to submit to OASIS.

Steps 1-3 can be repeated as often as desired.

My concern is that the TC has invented a new, extra-procedural step 
named "last call". This is very confusing, both to people who are 
acquainted with the OASIS process and won't know where this fits, as 
well as to people who will confuse this with the W3C process.

That said, I'm happy for us to announce this "review" (or whatever) to 
our members; we should just be clear about where this fits in the 
process to avoid confusion.

-Karl





Philpott, Robert wrote:
> Hi Karl,
> 
> I'm confused.  You say: 
> 
>>Is this "last call" the same as the public review required by the TC 
>>Process before the approval of the spec as a CD by the TC? (see ...
> 
> 
> I do not see anything in the OASIS process that says a TC must have a
> public review BEFORE approving a spec as a CD by the TC.  From the
> process:
> 
> ------------------------
> (a). Approval of a Committee Draft
> 
> Upon completion of a specification the TC may approve the work as a
> Committee Draft. The approval of a Committee Draft shall require at
> least 2/3 of the total membership of a TC voting to approve and no more
> than 1/4 voting to disapprove.
> 
> OASIS TC Administration must be notified at the completion of any ballot
> to approve a Committee Draft, regardless of the outcome of the ballot.
> 
> The name of a Committee Draft may not include any trademarks or service
> marks not owned by OASIS. The Committee Draft must use the
> OASIS-approved document templates and naming, and must include the OASIS
> copyright.
> --------------------------
> 
>>From what I read in the process, the public review is, of course,
> required when the TC wishes to submit the approved CD for OASIS
> standardization. Again, from the process:
> -------------------------
> (b). Approval of an OASIS Standard
> 
> Public Review
> 
> Before the TC can submit its Committee Draft to OASIS membership for
> review and approval as an OASIS Standard, the TC must conduct a public
> review of the work. The decision by the TC to submit the work for public
> review requires a majority vote. The review must be announced by the TC
> Administrator on the OASIS members mail list and optionally on other
> public mail lists. Review must take place for a minimum of 30 days,
> during which time no changes may be made to the document. Comments must
> be collected via the TC's archived public comment facility. The TC must
> record the comments received as well as the resolution of those
> comments.
> --------------------------
> 
> As was noted, our "committee last call" step is an internal SSTC step we
> want to use to ensure that the actual Committee Draft we end up
> approving has seen some public review before we approve it as CD.  
> 
> We do then intend to submit our CD for consideration as an OASIS
> standard, so it will, of course, then need to go through the formal
> 30-day public review as per the process.
> 
> Am I misreading the process?  Where does it say we need a formal public
> review BEFORE we approve a CD?
> 
> Thanks,
> 
> Rob Philpott
> Senior Consulting Engineer 
> RSA Security Inc. 
> Tel: 781-515-7115 
> Mobile: 617-510-0893 
> Fax: 781-515-7020 
> mailto:rphilpott@rsasecurity.com
> 
> -----Original Message-----
> From: Eve L. Maler [mailto:Eve.Maler@Sun.COM] 
> Sent: Wednesday, July 14, 2004 9:55 AM
> To: karl.best@oasis-open.org
> Cc: 'security-services@lists.oasis-open.org'; Dee Schur; Robin Cover;
> 'Prateek Mishra (pmishra@netegrity.com)'; Philpott, Robert; Jeff Hodges
> Subject: Re: [security-services] Re: Last-call drafts and call for
> review now available on website
> 
> Karl-- Let me confer with the current and former co-chairs on this.  The
> 
> SSTC invented this process a long time ago, before the current process 
> existed as such (there used to be no requirements around review prior to
> 
> Ctte Spec/Draft stage), and it may be that the purposes of the two 
> processes coincide sufficiently to be considered the same thing.  But in
> 
> that case, we'll have to formally put the other specs (not all of them 
> were included in this package) through the process as well.
> 
> 	Eve
> 
> Karl F. Best wrote:
> 
> 
>>Eve:
>>
>>Is this "last call" the same as the public review required by the TC 
>>Process before the approval of the spec as a CD by the TC? (see 
>>http://www.oasis-open.org/committees/process.php#committee_draft) Or
> 
> has 
> 
>>that public review already taken place? If it's a public review
> 
> there's 
> 
>>a process to follow, i.e. I have to announce it, etc.
>>
>>But even if the required public review has already taken place this 
>>"last call" could be considered another round of review (see the
> 
> second 
> 
>>para of the section on public review); why don't we do that instead of
> 
> 
>>inventing something that's not in the Process?
>>
>>(But I appreciate your informing me where things are at, and I would 
>>encourage Dee making the announcement once we figure out what to call 
>>this.)
>>
>>-Karl
>>
>>
>>
>>
>>Eve L. Maler wrote:
>>
>>
>>>Folks, the last-call draft package that we approved today is now 
>>>available from the SSTC website.  Please check out the site and let
>>
> me 
> 
>>>know if you find any errors:
>>>
>>>http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
>>>
>>>Note that I've created a zip file for downloading all the last-call 
>>>spec and schema drafts at once:
>>>
>>>
>>
> http://www.oasis-open.org/committees/download.php/7750/sstc-saml-2.0-las
> t-call.zip 
> 
>>>
>>>Karl, Dee, and Robin, although the SSTC does this last-call phase on 
>>>its own as an additional level of review along with the usual 
>>>Committee Draft and OASIS Standard balloting phases, we thought you 
>>>might be interested that we've reached this level.  It indicates that
>>
> 
>>>we believe these specs are feature-complete (though we're prepared to
>>
> 
>>>revise them to accommodate comments) and that we're actively 
>>>soliciting external input even before the Committee Draft phase.  
>>>Think of it as a sort of beta.  (Note that there are other specs in 
>>>the SAML V2.0 set that are either less crucial for initial 
>>>implementation or are non-normative, or both, that will skip this 
>>>last-call phase, though they have working drafts linked from the SSTC
>>
> 
>>>website.)
>>>
>>>Dee, can I request that you add a blurb along the following lines to 
>>>the next issue of OASIS News?  We will also send a note to the 
>>>saml-dev mailing list along these lines.
>>>
>>>"
>>>The Security Services Technical Committee (SSTC) has produced a set
>>
> of 
> 
>>>last-call working drafts for key SAML Version 2.0 specifications and 
>>>schemas, and is soliciting review comments and implementor feedback 
>>>prior to preparing Committee Drafts.  Comments are due by 2 August 
>>>2004.  The last-call drafts can be found here:
>>>
>>>  http://www.oasis-open.org/committees/download.php/7750/
>>>
>>>More information, along with links to additional SAML specification 
>>>drafts, is available at the SSTC website:
>>>
>>>  http://www.oasis-open.org/committees/security
>>>"
>>>
>>>Thanks,
>>>
>>>    Eve
>>
>>
>>
> 


-- 
=================================================================
Karl F. Best
Vice President, OASIS
office  +1 978.667.5115 x206     mobile +1 978.761.1648
karl.best@oasis-open.org      http://www.oasis-open.org