RE: [security-jc] Discussion of charter for SSJC

[Darran Rolls <Darran.Rolls@waveset.com>]

Sorry for the late reply here, comments in line....

> -----Original Message-----
> From: Phil Griffin [mailto:phil.griffin@asn-1.com]
> Sent: Tuesday, June 18, 2002 8:29 AM
> To: Security Joint Committee
> Subject: Re: [security-jc] Discussion of charter for SSJC
> 
> Darran,
> 
> After each item it would be helpful for me to see the text
> in each of your four cases followed by a brief explanation
> list of how the SJC would hope to these achieve these goals.
> 
> "Promote a common vocabulary by" doing what?
> 
> "Promote the reuse of technical components (schema,
> identifiers etc.)" how?

I've tried to answer these questions in the new text below.

> BTW. You dropped your fifth item from down below. For
> some reason I thought that this was the primary reason
> for initially forming the SJC. I thought that there had
> been some publicity incident that triggered the need for
> the SJC.

I've added the sentiment of all my earlier suggestions into the new
proposal below.  Please consider/review.

<snip>

1  To promote the re-use of technical components
================================================
Charter
-------
1.1  Through consultation and participation, to encourage new and
developing TC's to re-use terms from developing/existing TC
specification glossaries. 

1.2  To provide context for re-usable security related specification
elements (models, use cases, elements, profiles etc).  When a member TC
develops what it considers to be a re-usable specification "element", to
review it and where suitable reference or endorse it as such (not sure
what endorse really means in this context).

Implementation
--------------
1.3  To develop an SSJC glossary that provides common terms and
descriptions for security related specification elements.

1.4  To develop a core set of security related use cases.

1.5  To develop a security specification element re-use matrix or
repository.  This would provide some way of documenting or referencing
those parts of a given OASIS TC specification that *should* be
considered for re-use by other TC's.


2 - To Develop an OASIS Security Standards Model & Roadmap
==========================================================
Charter 
-------
2.1  To define a consistent model of how OASIS security TC
specifications are related, re-used, referenced or otherwise applicable
to an end-to-end solution.

2.2  To provide guidance on how to implement a consistent security
architecture that employs OASIS security related TC specifications with
compatible external specifications or works. 

2.3  To define a roadmap for possible OASIS security related
TC/specifications and how these would compliment and enhance 2.1 

Implementation
--------------
2.4  To develop an OASIS security standards architecture document that
provides a description of how OASIS security related specification "fit
together" and relate to other security relevant works at W3C, WS-I etc.


3 - To Provide Help with the formation of new "Security Related" TC's
=====================================================================
Charter
-------
3.1  To help the OASIS TAB (or whoever) with the process of accepting
and chartering future security related TC's. 

Implementation
--------------
3.2  SSJC to be available to consult as required.


4 - To Provide Help With OASIS PR activities that effect security
=================================================================
Charter
--------
4.1  To help organize a consistent voice for security related PR
announcements.

4.2  To provide a forum for arranging OASIS security related external
events and event participation.

Implementation
--------------
4.3  SSJC to be available to consult with OASIS PR as required.


--------------------------------------------------------
Darran Rolls                      http://www.waveset.com
Waveset Technologies Inc          drolls@waveset.com 
(512) 657 8360                    
--------------------------------------------------------