
xacml message



Subject: Summary of Discussion about Submitting XACML (and SAML) to the ITU


On Thursday, September 9 there was a concall with Karl Best and Jamie Clark
of the OASIS staff and Rob Philpott, representing SAML, and me, representing
XACML.

The following information was provided by Karl and Jamie.

OASIS has an agreement with the ITU (formerly the CCITT) to submit work to
them for standardization. The work would simply be handed over as is and the
ITU would essentially rubberstamp it. They would not propose to modify it or
update it in any way. OASIS would retain exclusive rights to make updates or
changes and create new versions. Only if OASIS chose to relinquish that
right at some future date would the ITU have the option of working on the
spec. There is also an understanding to the effect that once one version of
a spec has been endorsed by the ITU, subsequent versions will get the same
treatment more or less automatically. The ITU has expressed particular
interest in standards relating to security, which is why SAML and XACML are
under discussion.

Apparently the ITU will consider anything OASIS chooses to submit. However,
OASIS's policy is only to submit specs which have "gone all the way through
the OASIS process", i.e. OASIS Standards. Since OASIS and ITU have never
done this before, the exact details are unclear at this time. However, Karl
believes that this will mostly be done by the OASIS staff, with some help
from the TC. It is not expected to involve significant new work. Actually,
since OASIS "owns" specs which become OASIS Standards they do not
technically have to get the approval of the TC, only the OASIS Board.
However, they would like to know if there are any objections and they would
most likely follow any recommendations the TC cares to make.

OASIS would like feedback from the TC by roughly the end of September if
possible. As I see it, there are two major points:

1. Does anyone in the TC have any objections to OASIS doing this? Short of
objections are there any questions or concerns that should be raised? If no
one has any problem with this, I propose we pass a resolution to that effect
at our next regular meeting on September 18th.

2. The second question is more vexed. What version of XACML should be
submitted? OASIS will most likely do whatever the TC recommends here. As I
see it we have three choices.

a) Submit 1.0. It is complete and approved. Presumably the ITU can fold in
the errata in some way. This would make the approval of 2.0 a done deal. On
the other hand, 1.0 is already obsoleted by 1.1.

b) Take another look at submitting 1.1 as an OASIS standard. Part of the
reason for not submitting 1.1 was that there was no strong reason to do so.
Perhaps this is the reason. I am pretty sure with a little effort we could
come up with the necessary attestations, assuming the same criteria as for
1.0. We could do the public review and submission in parallel with the 2.0
work. I don't expect a lot of comments. The new 20% rule is an issue, but
Karl says this is likely to be reversed soon and in any event we will have
to face it for 2.0.

c) Wait until we finish 2.0. The pros and cons of this are fairly obvious.

Again, I would like to get everybody's opinion with the objective of voting
on some recommendation on Sept 18th. My opinion on this is still evolving,
so I want to listen to what others have to say.

Hal


