OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-jc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-jc] RE: Specification Errata Process Issue

Hal:

There may be another solution. The TC Process is currently being
revised, and due to be completed this month or next. A major revision
is the shortening of the specification review/approval cycle from five
months to two, with submissions made on a monthly rather than a
quarterly schedule. The intent of this change is to reduce the "cost"
of withdrawing/fixing/resubmitting a spec once errata have been found.

Would this meet your needs, or would this reduced schedule still need
to include some provision for errata?

</karl>
=================================================================
Karl F. Best
OASIS - Director, Technical Operations
+1 978.667.5115 x206
karl.best@oasis-open.org  http://www.oasis-open.org

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Thursday, July 11, 2002 5:00 PM
To: 'Karl F. Best'
Cc: 'security-jc@lists.oasis-open.org'
Subject: Specification Errata Process Issue


The understanding of the SSTC (and others) is that the specification
voted for by the membership must be EXACTLY the same document
presented at the begining of the review cycle. The problem is that we
have found errata and expect there will be more. These do not differ
from the intent of the specification, but they are important for
implementers to be aware of. As we understand it, the only way to get
these in the spec is an additional 4-5 month review + approval cycle.
The kind of process we would recommend (this is my summary of the
consensus at the last concall) is as follows:
1. publish spec with a statement that errata can be found at such and
such location and will be incorporated into the document at the end of
the review cycle.
2. Post an errata document with two sections: identified errors and
approved changes to the spec
3. At the end of the review period, close all errors by either
approved changes or deferral. Apply all changes to document.
4. Membership votes on updated document which becomes normative spec.
Obviously variants of this are possible.
Other TCs, e.g. XACML believe this may be an issue for them as well.
IMO people have rightly been impressed with the speed with which SAML
was developed. It is certainly a good idea to allow plenty of time (3
mo review + 1 month voting) to approve a major specification. However,
there ought to be a more streamlined way to correct minor errors and
ommisions without going through the entire cycle.
Hal

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC