OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsdm-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [wsdm-comment] Public Comment



It has come to my attention that we had not replied to this public comment.  
We did discuss this comment at the F2F (since we were meeting Jan 19-21 when we
received the comment), agreed on a resolution and response, and apparently there
was some misunderstanding about who would actually send the response leading to
no response from the WSDM TC.


Here's the text from the MOWS section in question:
"The following list summarizes common classes of attacks that apply generally to
protocols and
identifies mechanisms available to prevent/mitigate the attacks:
...
Authentication – Authentication is established using the mechanisms described in
WS-Security
and WS-Trust. Each message is authenticated using the mechanisms described in
WS-Security."
...

The results of the discussion of the comment at the F2F were:
- We agreed that this reference was not appropriate or necessary for the
implementation of WSDM MOWS V1.0.
- We agreed that the intent of the wording was general advice to any protocol,

non-normative, and exemplary.
- Since public comment period ended and we had already sent the final WSDM 1.0
package to OASIS, it would have been impossible to change it in time for the current
process underway.  If we had changed any content, even just grammatical, our
understanding is that we would have to reballot the committee draft and we would
miss the entrance into theJanuary standards process. We would have done that for
a normative specification error, but we believed this to be poor wording of
non-normative, advisory section where that strong of a reaction may not be necessary.
- We also agreed that we would remove the reference in the next version of the
WSDM specification.

We hope that this resolution (and our apology for lack of public response) is
satisfactory.


Sincerely
Heather Kreger
STSM, Web Services Lead Architect for SWG Emerging Technologies
Author of "Java and JMX: Building Manageable Systems"
kreger@us.ibm.com
919-543-3211 (t/l 441)  cell:919-496-9572



comment-form@oasis-open.org

01/20/2005 12:54 AM
Please respond to
nishimura.toshi

To
wsdm-comment@lists.oasis-open.org
cc
Subject
[wsdm-comment] Public Comment





Comment from: nishimura.toshi@jp.fujitsu.com

In page 12 of WSDM-MOWS 1.0 document, it refers a specification named "WS-Trust". "WS-Trust" specification I know is the specification by IBM, Microsoft, et al. It is a proprietary spec and have not been submitted to a standardization organization yet.
It is not good to refer non-standard specification from standard specification.

I hope the TC revise the sentence by removing "WS-Trust".


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]