Re: [security-jc] Security Forum program semi-final program

[Phil Griffin <phil.griffin@asn-1.com>]

Darran Rolls wrote:

> It does make sense if the focus is on explaining WS-Security only.  My 
> understanding was the program addressed security standards initiatives 
> within OASIS and W3C, how they fit together and inter-relate.  If the 
> focus has shifted to one of explaining these relationships relative to 
> WS-Security alone, I agree with the analysis.


I agree, too. And I think that Hal's comment on the primary
importance of the OASIS/W3C relationship is key. That goal
has been met. We can declare victory. But the event focus
must no longer be on OASIS security standards, how they all
fit together, the overlaps and the disconnects.

That's fine. But I think that this turn of focus diminishes
the events relevance as an SJC topic. Seems to me that it is
now more appropriately a WSS topic, or perhaps it belongs in
the TAB or someplace else. I see nothing much here for the
SJC to do.


>  
> 
> I know this is effort has a short window.  I also understand

> that we   

can't do everything in a single day.  I do however
feel rather strongly that if this event represents a discussion 
model for "security standards", it should at least include a 
complete list of those standards with a short description or each 
(if nothing else).

Hmmm. I don't know. I can see the benefit of the exposure.
But there's no one on the program that I would want to
rely on to speak accurately about the security technology
XCBF is using. It may be a blessing for XCBF to be omitted.

 
> 
>  
> 
> As a secondary assessment from this decision, should the SJC consider 
> directing all OASIS security initiatives to  explain their relevance to 
> and relationship with WS-Security (not incidentally a bad thing)?
> 


That's the rub Darran. The SJC doesn't direct or dictate.
Thankfully, it has no power to do so. But the SJC does
have the power to foster cooperation.

And I do agree that it could be beneficial for someone to
collect such information. It could be the SJC I guess. But
I'd rather see a pull from the WSS here than a push from
the SJC.

Perhaps the SJC could just suggest to the WSS TC that they
might want to ask the other TCs this question and possibly
to consider in their plans what the other TCs believe are
their interests in this area.

Doing this might lead to some illumination, foster a sense
of cooperation between the TCs, change perspectives and
lead to greater buy in for the WSS work. Constructive
engagement is the ticket.

(Writing this just made me recall the Bob Silverman joke
on an old adage, "You can lead an ass to knowledge, but
you can't make him think." :-)

Phil

  
> 
> --------------------------------------------------------
> 
> Darran Rolls                      http://www.waveset.com
> 
> Waveset Technologies Inc          drolls@waveset.com
> 
> (512) 657 8360                   
> 
> --------------------------------------------------------
> 
>  
> 
> -----Original Message-----
> From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> Sent: Friday, July 19, 2002 8:32 AM
> To: Darran Rolls; Karl F. Best; tab; security-jc@lists.oasis-open.org
> Subject: RE: [security-jc] Security Forum program semi-final program
> 
>  
> 
> Since the focus was on WS-Security specifically and the time on the 
> program, I suggested that we not address SPML. I think it is unlikely 
> that WS-Security will deal with provisioning in the near term.
> 
> Hal
> 
>  > -----Original Message-----
>  > From: Darran Rolls [mailto:Darran.Rolls@waveset.com]
>  > Sent: Thursday, July 18, 2002 4:10 PM
>  > To: Karl F. Best; tab; security-jc@lists.oasis-open.org
>  > Subject: RE: [security-jc] Security Forum program semi-final program
>  >
>  >
>  > Karl
>  >
>  > Is there a reason why SPML is not on the security standards overview?
>  > Does the forum panel not consider life-cycle management of the
>  > underlying identity important to the proposed security stack?
>  >
>  > --------------------------------------------------------
>  > Darran Rolls                      http://www.waveset.com
>  > Waveset Technologies Inc          drolls@waveset.com
>  > (512) 657 8360                   
>  > --------------------------------------------------------
>  >
>  >
>  > > -----Original Message-----
>  > > From: Karl F. Best [mailto:karl.best@oasis-open.org]
>  > > Sent: Thursday, July 18, 2002 11:07 AM
>  > > To: tab; security-jc@lists.oasis-open.org
>  > > Subject: [security-jc] Security Forum program semi-final program
>  > >
>  > > FYI - the forum program. Speaker names to be filled in as they are
>  > > confirmed. This should be posted on the web (OASIS and/or conference
>  > > web site) by tomorrow. Press releases etc. on the way.
>  > >
>  > > </karl>
>  > > =================================================================
>  > > Karl F. Best
>  > > OASIS - Director, Technical Operations
>  > > +1 978.667.5115 x206
>  > > karl.best@oasis-open.org  http://www.oasis-open.org
>  > >
>  > >
>  > >
>  > > Forum on Security Standards for Web Services
>  > > --------------------------------------------
>  > > [insert abstract here]
>  > >
>  > > program chairs: Karl Best, OASIS; and Janet Daly, W3C
>  > >
>  > > 9:00-9:30  Welcome by program chairs and by OASIS and W3C management
>  > >
>  > > 9:30-10:15 Technical plenary. Why are security standards
>  > necessary for
>  > > web services. How do the pieces fit together?
>  > > Phillip Hallam-Baker, Verisign
>  > >
>  > > 10:15-10:30 break
>  > >
>  > > 10:30-12:30 Use cases and requirements. Presentations from various
>  > > industries who use security standards for web services.
>  > > Speakers TBA.
>  > >
>  > > 12:30-1:30 lunch
>  > >
>  > > 1:30-3:30 Overview of the security standards.
>  > >
>  > > - XML Digital Signature, XML Encrytion: Joseph Reagle, W3C
>  > > - WS Security: speaker TBD
>  > > - SAML: speaker TBD
>  > > - IETF SSL, BEEP, FASL, Kerberos: speaker TBD
>  > > - XKMS: Philip Hallam-Baker, Verisign
>  > > - XACML, Rights Language: Hal Lockhart, Entegrity
>  > >
>  > > 3:30-3:45 break
>  > >
>  > > 3:45-4:30 Expert panel. A response to the use cases/requirements and
>  > > the specifications. Do they match? What's missing?
>  > >
>  > > chair and speakers TBD
>  > >
>  > > 4:30-5:00 Audience reaction/feedback
>  > >
>  > > 5:00-5:30 Wrapup by panel and closing statements from conference
>  > > sponsors.
>  > >
>  > >
>  > >
>  > > ----------------------------------------------------------------
>  > > To subscribe or unsubscribe from this elist use the subscription
>  > > manager: <http://lists.oasis-open.org/ob/adm.pl>
>  >
>  > ----------------------------------------------------------------
>  > To subscribe or unsubscribe from this elist use the subscription
>  > manager: <http://lists.oasis-open.org/ob/adm.pl>
>  >
>