[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-jc] Meeting today - Agenda attached
Attached is a proposed meeting agenda and call in information. Be hearing you at noon. Phil Griffin Proposed Agenda for Thursday, January 9, 2003 12 noon EST SJC Meeting Dial-in Number: +1 405-244-5555 Conference ID: 6921# Call sponsor - Content Guard 1. Call meeting to order 2. Introductions 3. Approve past minutes; review action items 4. Approve proposed agenda 5. Chair Update - Next election for chair is middle June 2003 - Note sent to WSS and WSRP to address concerns over scope of SJC w.r.t. security vocabulary work. - Draft example OASIS Security Vocabulary document posted for comment by SJC. - Posted MoU/MG Annex A in OASIS format for SJC review and comment 6. TAB update - Krishna/Karl - OASIS Forum on the Direction of Web Services. Need two SJC members to participate in a panel discussion on security. Tuesday, 4 March 2003 at XML/Web Services One Conference in Santa Clara, California. - Need an SJC representative to speak with an editor from Federal Computer Week, a publication for IT executives at federal agencies. Their article will examine the current level of security in XML links, the work various standards groups (IETF, W3C, and OASIS) are taking to add more security functions to XML transmissions, and the availability of products that add security functions to XML. He would like to conduct a phone interview before Tuesday, January 14. Contact is Carol Geyer. - Remarks on XML Conference and Exposition 2002 in Baltimore of interest to the SJC? Note that WSS and XCBF held meetings there. - Issue of purpose and direction of SJC. Following text outlines the issue and the position of the TAB. What if any should be the SJC response? TAB position At the OASIS TAB meeting today we discussed, among other things, the Security JC scope and charter. It was pointed out that the OASIS TC Process makes no provision for a JC having a charter beyond simply coordinating the activities of the TCs, and additionally that the Process says that a JC will have no deliverables. So while the TAB thinks that the JC has identified some valuable topics to pursue (security common glossary, architecture model, etc.) and that this work is important and needs to be done, the TAB feels that the JC is the wrong place to be doing this work. The TAB suggests that interested members of the JC form a TC to do this work and that the JC restrict itself to providing a forum for the various TCs to communicate and coordinate their activities with each other. Krishna and I would be happy to further explain the TAB's feelings on this at the next JC meeting. - Other TAB issues 7. SJC F2F Meeting / Joint TC Meeting Proposals Dee Schur efforts: - RSA conference, http://www.rsaconference.net/rsa2003/, SJC can meet in the room used for RSA press conferences from 12:15 pm to 1:45 p.m. on Wednesday, April 16th. Class room style seating. Boxed lunch available for about $750 for approximately 30. - XML Web Services One in Santa Clara, 3-6 March, http://www.xmlconference.com/santaclara/ - Web Services Edge in Boston, 18-20 March, http://www.sys-con.com/webservicesedge2003east/ Terry Leahy offer: - PKI TC has obtained offer to use Computer Associates headquarters in New Jersey? - a large auditorium which can house 170+ plus several mid size conference rooms available March 18-20. Contact Terry to discuss. 8. Joint OASIS and ITU-T Security Standards Richard Hill, ITU-T central secretariat, is interested in having OASIS submit completed work for approval under the ITU-T process. OASIS has an established A.4 and A.5 communication process (liaison) with ITU-T. This proposal is similar to the process through which the ebXML work is submitted to ISO for approval. ITU-T is particularly interested in OASIS security work. Karl Best has proposed SAML and XACML for submission. A joint copyright would be structured so that OASIS would retain ownership, the right to publish, and responsibility of doing further work on the specifications. ITU-T would put it's copyright (jointly with OASIS) on *its version* of the work, but containing the same normative text. Background: Recommendations. A.4, A.5 and A.6 Qualified Organizations Lists are described in [1]. There are links here for A.4 and A.5 procedures which show All ITU-T SGs are available to OASIS ITU-T Study Group 17 - Data Networks and Telecommunication Software [2] does all ITU-T security work and is responsible jointly with ISO/IEC for the X.500-series Directory standards under Question 9/17 [3]. Security requirements, models and guidelines for communication systems and services work is done under question 10/17 [4], and has relationships with ISO/IEC JTC 1/SC 27 IT Security [5] and ISO/TC 68/SC2 Security and General Banking Operations [6]. [1] http://www.itu.int/ITU-T/dbase/sdo/qualified.html [2] http://www.itu.int/ITU-T/studygroups/com17/index.asp [3] http://www.itu.int/ITU-T/studygroups/com17/sg17-q9.html [4] http://www.itu.int/ITU-T/studygroups/com17/sg17-q10.html [5] http://www2.din.de/index.php?lang=en [6] http://www.tc68.org 7. MoU/MG - Memorandum of Understanding Management Group Annex A is under revision. This gives OASIS an opportunity to promote and coordinate its standards efforts and to stake out leadership areas. Do SJC members have comments on Annex A? Background: The work of the MoU/MG is related to E-Business [1] and several OASIS TCs are listed in the current Annex A Division of responsibility [2]. The E-Business MoU Management Group works to foster cooperation among standards developers, so as to minimize the risk of divergent and competing approaches to standardization, to avoid duplication of efforts, and to avoid confusion ... [3]. [1] http://www.itu.int/ITU-T/e-business/mou/related/index.html [2] http://www.itu.int/ITU-T/e-business/mou/annexa.html [3] http://www.oasis-open.org/news/oasis_news_02_11_02.shtml 8. Other business 9. Adjourn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC