[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-jc] Meeting today - Agenda attached
Attached is a proposed meeting agenda and call in
information. Be hearing you at noon.
Phil Griffin
Proposed Agenda for Thursday, January 9, 2003 12 noon EST SJC Meeting
Dial-in Number: +1 405-244-5555
Conference ID: 6921#
Call sponsor - Content Guard
1. Call meeting to order
2. Introductions
3. Approve past minutes; review action items
4. Approve proposed agenda
5. Chair Update
- Next election for chair is middle June 2003
- Note sent to WSS and WSRP to address concerns over scope
of SJC w.r.t. security vocabulary work.
- Draft example OASIS Security Vocabulary document posted
for comment by SJC.
- Posted MoU/MG Annex A in OASIS format for SJC review
and comment
6. TAB update - Krishna/Karl
- OASIS Forum on the Direction of Web Services. Need
two SJC members to participate in a panel discussion
on security. Tuesday, 4 March 2003 at XML/Web Services
One Conference in Santa Clara, California.
- Need an SJC representative to speak with an editor from
Federal Computer Week, a publication for IT executives at
federal agencies. Their article will examine the current
level of security in XML links, the work various standards
groups (IETF, W3C, and OASIS) are taking to add more security
functions to XML transmissions, and the availability of
products that add security functions to XML. He would like
to conduct a phone interview before Tuesday, January 14.
Contact is Carol Geyer.
- Remarks on XML Conference and Exposition 2002 in
Baltimore of interest to the SJC? Note that WSS and
XCBF held meetings there.
- Issue of purpose and direction of SJC. Following
text outlines the issue and the position of the
TAB. What if any should be the SJC response?
TAB position
At the OASIS TAB meeting today we discussed, among
other things, the Security JC scope and charter. It
was pointed out that the OASIS TC Process makes no
provision for a JC having a charter beyond simply
coordinating the activities of the TCs, and
additionally that the Process says that a JC will
have no deliverables.
So while the TAB thinks that the JC has identified
some valuable topics to pursue (security common
glossary, architecture model, etc.) and that this
work is important and needs to be done, the TAB
feels that the JC is the wrong place to be doing
this work.
The TAB suggests that interested members of the JC
form a TC to do this work and that the JC restrict
itself to providing a forum for the various TCs to
communicate and coordinate their activities with
each other.
Krishna and I would be happy to further explain the
TAB's feelings on this at the next JC meeting.
- Other TAB issues
7. SJC F2F Meeting / Joint TC Meeting Proposals
Dee Schur efforts:
- RSA conference, http://www.rsaconference.net/rsa2003/,
SJC can meet in the room used for RSA press conferences
from 12:15 pm to 1:45 p.m. on Wednesday, April 16th.
Class room style seating. Boxed lunch available for
about $750 for approximately 30.
- XML Web Services One in Santa Clara, 3-6 March,
http://www.xmlconference.com/santaclara/
- Web Services Edge in Boston, 18-20 March,
http://www.sys-con.com/webservicesedge2003east/
Terry Leahy offer:
- PKI TC has obtained offer to use Computer Associates
headquarters in New Jersey? - a large auditorium which
can house 170+ plus several mid size conference rooms
available March 18-20. Contact Terry to discuss.
8. Joint OASIS and ITU-T Security Standards
Richard Hill, ITU-T central secretariat, is interested in
having OASIS submit completed work for approval under the
ITU-T process. OASIS has an established A.4 and A.5
communication process (liaison) with ITU-T. This proposal
is similar to the process through which the ebXML work is
submitted to ISO for approval.
ITU-T is particularly interested in OASIS security work.
Karl Best has proposed SAML and XACML for submission. A
joint copyright would be structured so that OASIS would
retain ownership, the right to publish, and responsibility
of doing further work on the specifications. ITU-T would
put it's copyright (jointly with OASIS) on *its version*
of the work, but containing the same normative text.
Background:
Recommendations. A.4, A.5 and A.6 Qualified Organizations
Lists are described in [1].
There are links here for A.4 and A.5 procedures which show
All ITU-T SGs are available to OASIS
ITU-T Study Group 17 - Data Networks and Telecommunication
Software [2] does all ITU-T security work and is responsible
jointly with ISO/IEC for the X.500-series Directory standards
under Question 9/17 [3].
Security requirements, models and guidelines for communication
systems and services work is done under question 10/17 [4], and
has relationships with ISO/IEC JTC 1/SC 27 IT Security [5] and
ISO/TC 68/SC2 Security and General Banking Operations [6].
[1] http://www.itu.int/ITU-T/dbase/sdo/qualified.html
[2] http://www.itu.int/ITU-T/studygroups/com17/index.asp
[3] http://www.itu.int/ITU-T/studygroups/com17/sg17-q9.html
[4] http://www.itu.int/ITU-T/studygroups/com17/sg17-q10.html
[5] http://www2.din.de/index.php?lang=en
[6] http://www.tc68.org
7. MoU/MG - Memorandum of Understanding Management Group
Annex A is under revision. This gives OASIS an opportunity
to promote and coordinate its standards efforts and to stake
out leadership areas.
Do SJC members have comments on Annex A?
Background:
The work of the MoU/MG is related to E-Business [1] and
several OASIS TCs are listed in the current Annex A Division
of responsibility [2]. The E-Business MoU Management Group
works to foster cooperation among standards developers, so
as to minimize the risk of divergent and competing approaches
to standardization, to avoid duplication of efforts, and to
avoid confusion ... [3].
[1] http://www.itu.int/ITU-T/e-business/mou/related/index.html
[2] http://www.itu.int/ITU-T/e-business/mou/annexa.html
[3] http://www.oasis-open.org/news/oasis_news_02_11_02.shtml
8. Other business
9. Adjourn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC