[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [oasis-member-discuss] Proposed Submission of OASIS WS-Security v1.1 to ITU
We, the undersigned, strongly support the submission of WS-Security 1.1 for de-jure standardization. We note that WS-I previously submitted several of its profiles (the WS-Basic Profiles) to JTC 1 via the JTC 1 PAS Transposition Process. These profiles have now been adopted as ISO/IEC International Standards. We believe that the Web Services community will be best served if the OASIS Web Services specifications are submitted in a way that they can be reviewed and processed consistently in the same de-jure organization; in particular, we believe that an organization directly focused on web services, and which can appropriately work with other domain/topic-specific groups, is the most appropriate approach. We see advantages in submitting them to either ITU-T SG17 (because of the telecommunication security and identity management concerns) or JTC 1 SC 38 (because of the web services focus), but believe that WS- Security 1.1 should be submitted to JTC 1, and as decisions are reached to submit further OASIS Web Services specifications, JTC 1 SC 38 should continue to be the recipient. OASIS has successfully submitted other OASIS Standards to JTC 1 using the PAS Transposition Process while retaining technical ownership of their evolution. This need not preclude collaboration with ITU-T to make WS-Security a component of security standards suite. We note that the OASIS Liaison policy (http://www.oasis-open.org/committees/liaison_policy.php ) contains an option that the "OASIS President may approve the request with changes to the proposed submission method, schedule or designated receiving organization". [See section 3.4, "Policy for submitting OASIS Standards for adoption by other organizations"] We would like to respectfully request that the submission request be approved and that the receiving organization be JTC 1. Once JTC 1 receives the submission request from OASIS, it should be able to start the PAS Transposition Process (which includes a 6-month ISO/IEC national body letter ballot) within a few weeks. We also recommend that JTC 1 assign administrative responsibility for this PAS Transposition to the newly created JTC 1 SC 38(Distributed Application Platforms and Services - DAPS). [See http://www.iso.org/iso/standards_development/technical_committees/other_bodies/iso_technical_committee.htm?commid=601355 ] Sincerely, Paul Lipton, CA (paul.lipton@ca.com) Hiroshi Yoshida, Fujitsu Limited (hyoshida@jp.fujitsu.com) Joel Fleck, HP (joel.fleck@hp.com) Kelvin Lawrence, IBM (klawrence@us.ibm.com) Paul Cotton, MS (paul.cotton@microsoft.com) Jeff Mischkinsky, Oracle (jeff.mischkinsky@oracle.com) Mark Little, Red Hat (mlittle@redhat.com) Claus Von Riegen, SAP (claus.von.riegen@sap.com) On Mar 04, 2010, at 6:13 PM, jamie.clark@oasis-open.org wrote: > To OASIS members, member announce lists: > > OASIS has been asked, by the members listed below, to submit the > following OASIS Standard to the International Telecommunications > Union, Telecommunication Standardization Sector (ITU-T), Study Group > 17 on Security: > > Web Services Security v1.1 [n1] > > The OASIS Liaison Policy sets requirements for submissions of OASIS > specifications to external standards organizations. [n2] In the > case of a work produced by a closed Technical Committee, > OASIS rules require that five or more organizational members make > this request. The request is attached below; it includes more > detailed information on the proposed submission and its terms. > > OASIS has determined that the request meets the policy's initial > requirements. Our rules provide that any such request be posted to > OASIS members for comment. The member review starts today, 4 March > 2010, and ends 3 April 2010. This is an open invitation to members > to comment. Under our Liaison Policy, OASIS will make a final > determination to confirm the submission at the close of the review > period. > > More information about the specification, and the WS-Security TC who > originated it, may be found at the public home page of the TC. > [n3] Additional non-normative information about the proposed > submission may also be posted to the [oasis-member-discuss] list, > during the review period. > > Comments on this proposed submission should be send to oasis-member-discuss@lists.oasis-open.org > . That list is publicly archived [n4], and any OASIS member may > subscribe. [n5] A link to this notice is cross-posted to relevant > OASIS announcement lists. > > The submission request is appended below. > > Respectfully, JBC > > ~ James Bryce Clark > ~ General Counsel, OASIS > ~ http://www.oasis-open.org/who/staff.php#clark > > [n1] WS-Security v1.1 as approved: http://www.oasis-open.org/specs/index.php#wss > [n2] Liaison Policy: http://www.oasis-open.org/committees/liaison_policy.php#submitwork > [n3] Archived TC pages: http://www.oasis-open.org/committees/wss > [n4] List archive: http://lists.oasis-open.org/archives/oasis-member-discuss/ > [n5] Comment lists & subscriptions: http://lists.oasis-open.org/archives/ > > -------- > Proposed Submission Request terms > [The six questions are quoted from the OASIS Liaison Policy] > > Specification to be submitted: Web Services Security v1.1, as > approved in February 2006. See http://www.oasis-open.org/specs/index.php#wss > > Q1. The name(s) of the submission requester(s), that is, the TC, > the Member Section, or the OASIS Organizational Members that support > the submission request as described in section 1(d). > > A1: CA, IBM, Microsoft, Red Hat, SAP > > Q2. The name of the intended receiving standards organization. The > request may also suggest the committee or group in that organization > which should process that submission. > > A2: ITU-T Study Group 17 on Security > > Q3. The intended status or outcome that the request seeks from the > receiving organization's process; and a short description of the > receiving organization's approval process, including estimated time > required, stages of approval and who votes at each stage. > > A3: Final approval as an ITU Recommendation without change. > Preservation of the content without alteration, except for non- > technical, front-page-type matter. It is anticipated that the > submission will be transmitted to ITU-T SG17 and submitted for study > group consent vote at their regular plenary in April 2010, followed > by an ITU member review & confirmation process that may conclude in > late May. > > Q4. An explanation of how the submission will benefit OASIS. > > A4: Increased visibility and implementation of the established > standard, due to the positive sanction associated with the ITU > process. > > Q5. The expected licensing, copyright and other intellectual > property terms that will be used by the receiving organization in > regard to the submission. > > A5: Use of the OASIS standard and will continue to be is permitted > under the terms of the OASIS IPR Policy. As before, our submission > would call to the attention of ITU and potential users of its works > the existence of the disclosures and license statements made > pursuant to the OASIS process (see http://www.oasis-open.org/committees/wss/ipr.php) > , OASIS plans to contact parties listed there, to advise them of > the submission and the possibility of further inquiry about > availability from ITU-T. > > Q6. A statement of the intended future plans for versioning and > maintenance of the OASIS Standard and/or Approved Errata for that > standard, and the expected roles of OASIS and the receiving > organization. This must include clear statements of the rules of the > receiving organization applicable to maintenance of an approved > submitted standard, and to future versions of that standard; any > requirements regarding the submission of future versions; and a > description of how OASIS and the submission requesters expect to > comply with those rules. > > A6: If the original submission is successfully approved, OASIS > would enter into the usual commitments to share with ITU any > material errata data, and submit back to ITU for re-transposition > any future approved OASIS Standard versions or Approved Errata. As > before, a condition of the OASIS submission would be the requirement > that any changes to the established Specification be submitted > through the OASIS TC process, in order to preserve the continuity of > the work for the established base of implementers who rely on it. In > this case, because the originating TC has completed its work, any > such changes would be conditioned on the competent convening of a > new OASIS TC, under all applicable OASIS rules, and the approval of > that TC's work through the usual OASIS process. > > (end of submission request) -- Jeff Mischkinsky jeff.mischkinsky@oracle.com Sr. Director, Oracle Fusion Middleware +1(650)506-1975 and Web Services Standards 500 Oracle Parkway, M/S 2OP9 Oracle Redwood Shores, CA 94065
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]