OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

oasis-member-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [oasis-member-discuss] Proposed Submission of OASIS WS-Security v1.1 to ITU



We, the undersigned, strongly support the submission of WS-Security  
1.1 for de-jure standardization. We note that WS-I previously  
submitted several of its profiles (the WS-Basic Profiles) to JTC 1 via  
the JTC 1 PAS Transposition Process. These profiles have now been  
adopted as ISO/IEC International Standards.

We believe that the Web Services community will be best served if the  
OASIS Web Services specifications are submitted in a way that they can  
be reviewed and processed consistently in the same de-jure  
organization; in particular, we believe that an organization directly  
focused on web services, and which can appropriately work with other  
domain/topic-specific groups, is the most appropriate approach.  We  
see advantages in submitting them to either ITU-T SG17 (because of the  
telecommunication security and identity management concerns) or JTC 1  
SC 38 (because of the web services focus), but believe that WS- 
Security 1.1 should be submitted to JTC 1, and as decisions are  
reached to submit further OASIS Web Services specifications, JTC 1 SC  
38 should continue to be the recipient.

OASIS has successfully submitted other OASIS Standards to JTC 1 using  
the PAS Transposition Process while retaining technical ownership of  
their evolution. This need not preclude collaboration with ITU-T to  
make WS-Security a component of security standards suite.

We note that the OASIS Liaison policy (http://www.oasis-open.org/committees/liaison_policy.php 
) contains an option that the "OASIS President may approve the request  
with changes to the proposed submission method, schedule or designated  
receiving organization".
  [See section 3.4, "Policy for submitting OASIS Standards for  
adoption by other organizations"]

We would like to respectfully request that the submission request be  
approved and that the receiving organization be JTC 1.

Once JTC 1 receives the submission request from OASIS, it should be  
able to start the PAS Transposition Process (which includes a 6-month  
ISO/IEC national body letter ballot) within a few weeks.

We also recommend that JTC 1 assign administrative responsibility for  
this PAS Transposition to the newly created JTC 1 SC 38(Distributed  
Application Platforms and Services - DAPS).
   [See  http://www.iso.org/iso/standards_development/technical_committees/other_bodies/iso_technical_committee.htm?commid=601355 
]

Sincerely,

        Paul Lipton, CA                  (paul.lipton@ca.com)
        Hiroshi Yoshida, Fujitsu Limited (hyoshida@jp.fujitsu.com)
        Joel Fleck, HP                   (joel.fleck@hp.com)
        Kelvin Lawrence, IBM             (klawrence@us.ibm.com)
        Paul Cotton, MS                  (paul.cotton@microsoft.com)
        Jeff Mischkinsky, Oracle         (jeff.mischkinsky@oracle.com)
        Mark Little, Red Hat             (mlittle@redhat.com)
        Claus Von Riegen, SAP            (claus.von.riegen@sap.com)

On Mar 04, 2010, at 6:13 PM, jamie.clark@oasis-open.org wrote:

> To OASIS members, member announce lists:
>
> OASIS has been asked, by the members listed below, to submit the  
> following OASIS Standard to the International Telecommunications  
> Union, Telecommunication Standardization Sector (ITU-T), Study Group  
> 17 on Security:
>
> Web Services Security v1.1 [n1]
>
> The OASIS Liaison Policy sets requirements for submissions of OASIS  
> specifications to external standards organizations. [n2]  In the  
> case of a work produced by a closed Technical Committee,
> OASIS rules require that five or more organizational members make  
> this request.  The request is attached below;  it includes more  
> detailed information on the proposed submission and its terms.
>
> OASIS has determined that the request meets the policy's initial  
> requirements.  Our  rules provide that any such request be posted to  
> OASIS members for comment.   The member review starts today, 4 March  
> 2010, and ends 3 April 2010.  This is an open invitation to members  
> to comment. Under our Liaison Policy, OASIS will make a final  
> determination to confirm the submission at the close of the review  
> period.
>
> More information about the specification, and the WS-Security TC who  
> originated it, may be found at the public home page of the TC.   
> [n3]  Additional non-normative information about the proposed  
> submission may also be posted to the [oasis-member-discuss] list,  
> during the review period.
>
> Comments on this proposed submission should be send to oasis-member-discuss@lists.oasis-open.org 
> .  That list is publicly archived [n4], and any OASIS member may  
> subscribe. [n5]   A link to this notice is cross-posted to relevant  
> OASIS announcement lists.
>
> The submission request is appended below.
>
> Respectfully,  JBC
>
> ~ James Bryce Clark
> ~ General Counsel, OASIS
> ~ http://www.oasis-open.org/who/staff.php#clark
>
> [n1]  WS-Security v1.1 as approved: http://www.oasis-open.org/specs/index.php#wss
> [n2]  Liaison Policy:  http://www.oasis-open.org/committees/liaison_policy.php#submitwork
> [n3]  Archived TC pages:  http://www.oasis-open.org/committees/wss
> [n4]  List archive: http://lists.oasis-open.org/archives/oasis-member-discuss/
> [n5]  Comment lists & subscriptions: http://lists.oasis-open.org/archives/
>
> --------
> Proposed Submission Request terms
> [The six questions are quoted from the OASIS Liaison Policy]
>
> Specification to be submitted:  Web Services Security v1.1, as  
> approved in February 2006.   See http://www.oasis-open.org/specs/index.php#wss
>
> Q1.  The name(s) of the submission requester(s), that is, the TC,  
> the Member Section, or the OASIS Organizational Members that support  
> the submission request as described in section 1(d).
>
> A1:  CA, IBM, Microsoft, Red Hat, SAP
>
> Q2. The name of the intended receiving standards organization. The  
> request may also suggest the committee or group in that organization  
> which should process that submission.
>
> A2:  ITU-T Study Group 17 on Security
>
> Q3. The intended status or outcome that the request seeks from the  
> receiving organization's process; and a short description of the  
> receiving organization's approval process, including estimated time
> required, stages of approval and who votes at each stage.
>
> A3:  Final approval as an ITU Recommendation without change.  
> Preservation of the content without alteration, except for non- 
> technical, front-page-type matter.  It is anticipated that the  
> submission will be transmitted to ITU-T SG17 and submitted for study  
> group consent vote at their regular plenary in April 2010,  followed  
> by an ITU member review & confirmation process that may conclude in  
> late May.
>
> Q4. An explanation of how the submission will benefit OASIS.
>
> A4:  Increased visibility and implementation of the established  
> standard, due to the positive sanction associated with the ITU  
> process.
>
> Q5. The expected licensing, copyright and other intellectual  
> property terms that will be used by the receiving organization in  
> regard to the submission.
>
> A5:  Use of the OASIS standard and will continue to be is permitted  
> under the terms of the OASIS IPR Policy. As before, our submission  
> would call to the attention of ITU and potential users of its works
> the existence of the disclosures and license statements made  
> pursuant to the OASIS process (see http://www.oasis-open.org/committees/wss/ipr.php) 
> ,  OASIS plans to contact parties listed there, to advise them of  
> the submission and the possibility of further inquiry about  
> availability from ITU-T.
>
> Q6. A statement of the intended future plans for versioning and  
> maintenance of the OASIS Standard and/or Approved Errata for that  
> standard, and the expected roles of OASIS and the receiving
> organization. This must include clear statements of the rules of the  
> receiving organization applicable to maintenance of an approved  
> submitted standard, and to future versions of that standard; any
> requirements regarding the submission of future versions; and a  
> description of how OASIS and the submission requesters expect to  
> comply with those rules.
>
> A6:  If the original submission is successfully approved, OASIS  
> would enter into the usual commitments to share with ITU any  
> material errata data, and submit back to ITU for re-transposition  
> any future approved OASIS Standard versions or Approved Errata. As  
> before, a condition of the OASIS submission would be the requirement  
> that any changes to the established Specification be submitted  
> through the OASIS TC process, in order to preserve the continuity of  
> the work for the established base of implementers who rely on it. In  
> this case, because the originating TC has completed its work, any  
> such changes would be conditioned on the competent convening of a  
> new OASIS TC, under all applicable OASIS rules, and the approval of  
> that TC's work through the usual OASIS process.
>
> (end of submission request)

--
Jeff Mischkinsky			          		jeff.mischkinsky@oracle.com
Sr. Director, Oracle Fusion Middleware 				+1(650)506-1975
	and Web Services Standards           			500 Oracle Parkway, M/S 2OP9
Oracle								Redwood Shores, CA 94065











[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]