[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Pre-TC Creation Discussion List Creation Request
Security Committee Members, Your input on the included thread is requested in order to determine if we should establish a separate pre-TC discussion or petition for creation of a sub-group within the Security Services group. In summary we wish to create a group focused on security related specifications orthogonal to the efforts of the XML-Based Security Services TC. Whereas XML-Based Security Services exists to define an XML framework for exchanging authentication and authorization information, XACML is concerned with the representation of access control policies as XML and the application of these policies to XML documents. Current public examples of the types of issues the group will address are illustrated by: <http://www9.org/w9cdrom/419/419.html> <http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm> Thanks, Simon Y. Blackwell -----Original Message----- From: Simon Y. Blackwell Sent: Thursday, February 08, 2001 5:05 PM To: 'Ernesto Damiani'; Simon Y. Blackwell; 'Karl Best' Cc: samarati@dsi.unimi.it; Frank Chum; eve.maler@east.sun.com Subject: RE: Pre-TC Creation Discussion List Creation Request My understanding is that the OASIS Security Services folks and the W3C folks have been co-operating closely, but maybe it was IETF. And, my review of the current discussions doesn't indicate much if any interest in the type of things we want to address. However, deferring to our designated discussion leader (even though a discussion has not yet formally started ;-), I'll post to the security group at OASIS the summary of our goals as stated in the request as soon as I get a response to my list membership request. Simon -----Original Message----- From: Ernesto Damiani [mailto:edamiani@crema.unimi.it] Sent: Thursday, February 08, 2001 4:40 PM To: Simon Y. Blackwell; 'Karl Best' Cc: samarati@dsi.unimi.it; Frank Chum; eve.maler@east.sun.com Subject: R: Pre-TC Creation Discussion List Creation Request Well, this puts me in a rather difficult position, since it is the first time I am directly involved in any OASIS activity. All I can say is that the subject of XML access control is also being informally discussed via the W3C XML encryption mailing list, but the general feeling there is that AC and encryption standardization should be done separately. So it was decided to go ahead with encryption first and come back to AC later. Perhaps the OASIS XML Security Services people do not share this view and would welcome discussing XML AC together with their other topics. The subcommittee idea mentioned by Karl sounds interesting, as it would allow independent but coordinated discussion, and should probably be explored. In the end, I suggest we freeze our proposal and try first to interact with the Security Services committee; we can resume it later if we meet a deaf ear. Regards Ernesto ----- Original Message ----- From: Simon Y. Blackwell <sblackwell@psoom.com> To: 'Karl Best' <karl.best@oasis-open.org> Cc: <edamiani@crema.unimi.it>; <samarati@dsi.unimi.it>; Frank Chum <fchum@psoom.com>; <eve.maler@east.sun.com> Sent: Thursday, February 08, 2001 10:39 PM Subject: RE: Pre-TC Creation Discussion List Creation Request > > > Karl, > > Karl, > > I fully concur with your comments regarding fewer TC's rather than more. I > spent considerable time reviewing the work of XMLAuth and S2ML prior to > proposing this committee. However, I have not raised this topic on the > rather newly combined Security Services committee. My understanding is that > some time ago Ernesto had some fairly length interactions with some of the > security folk and they decided the efforts should be distinct. It was also > determined at the time that there was insufficient groundswell to get a TC > going specifically related to the topics we wish to address. > > As to multiple specifications. I rant and rave about incompatible > specifications all the time. I am 100% behind your desire to have compatible > specifications. I am tired of hearing "Don't worry about that, namespaces > and XSL transformations will solve the issue" when I post to newsgroups > pointing out duplications of domain modeling efforts. As a practical matter > of adoption, common naming and the identification of similar semantics are > hugely important and made radically simpler by working within one group. > > This being said, I will leave the final decision as to how to proceed to > Ernesto as the discussion leader. My preference is to start the list, invite > folks from security to participate and in the context of the list determine > whether a subsequent merging into Security Services makes sense prior to the > forming of a TC. This will also serve to keep the security services list > from cluttering up. > > If you have actually created the list, please advise since I don't see it on > the website. If you have not, then I suggest you wait for word from Ernesto > on how to proceed. > > Best Regards, > > Simon > > > -----Original Message----- > From: Karl Best [mailto:karl.best@oasis-open.org] > Sent: Thursday, February 08, 2001 7:12 AM > To: Simon Y. Blackwell > Cc: edamiani@crema.unimi.it; samarati@dsi.unimi.it; Frank Chum; Karl; > eve.maler@east.sun.com > Subject: RE: Pre-TC Creation Discussion List Creation Request > > Simon: > > The OASIS TC process requires three eligible people in order to start either > a discussion list or a TC. Psoom is an OASIS member, so its employees are > eligible, and I have just received word that Ernesto has joined as an > Individual (and perhaps Pierangela's membership is in process), so you have > your three people. > > While I am obligated to create a discussion list or a technical committee if > you meet the requirements, I would prefer to see similar efforts merged into > single committees. A philosophy of OASIS is that we get people talking and > working together rather than splintering efforts into different groups. Have > you looked into doing this proposed work in the existing Security Services > committee? Have you raised the topic on the committee list? (OASIS members > are eligible to subscribe to the list; you could do so and raise the > question.) This committee has already broken into a number of subcommittees > which are looking at the different aspects of the problem; perhaps your work > could be done as another subcommittee. I predict much better market > acceptance for a single, coordinated security specification rather than a > number of competing or incompatible specifications. > > So, as you have met the requirements I will create the dicussion group, but > I would urge you to see if you can work within the existing TC. I'll let you > decide. > > </karl> > ============================================================ > Karl F. Best > OASIS - Director, Technical Operations > 978.667.5115 x206 > karl.best@oasis-open.org http://www.oasis-open.org > > > > -----Original Message----- > > From: Simon Y. Blackwell [mailto:sblackwell@psoom.com] > > Sent: Thursday, February 08, 2001 9:46 AM > > To: 'tc_admin@oasis-open.org' > > Cc: 'edamiani@crema.unimi.it'; 'samarati@dsi.unimi.it'; Frank Chum > > Subject: Pre-TC Creation Discussion List Creation Request > > > > > > The following individuals would like to form an e-mail list to discuss > > creation of an eXtensible Access Control Markup Language (XACML) TC. The > > name XACML is an intermin moniker. Part of the scope of discussion will be > > to select a permanent name. > > Participants: > > Ernesto Damiani edamiani@crema.unimi.it <mailto:edamiani@crema.unimi.it> > > Pierangela Samarati samarati@dsi.unimi.it <mailto:samarati@dsi.unimi.it> > > Simon Y. Blackwell sblackwell@psoom.com <mailto:sblackwell@psoom.com> > > Frank Chum fchum@psoom.com <mailto:fchum@psoom.com> > > Discussion Leader: > > Ernesto Damiani edamiani@crema.unimi.it <mailto:edamiani@crema.unimi.it> > > Discussion List Name: > > xacml@oasis-open.org > > Scope Of Discussion: > > This group intends to address security related specifications > > orthogonal to > > the efforts of the XML-Based Security Services TC. Whereas XML-Based > > Security Services exists to define an XML framework for exchanging > > authentication and authorization information, XACML is concerned with the > > representation of access control policies as XML and the application of > > these policies to XML documents. The above named individuals have read > > http://www.oasis-open.org/committees/process.shtml > > <http://www.oasis-open.org/committees/process.shtml> and intend > > to deliver > > to Oasis a formal request for TC creation within 45 days. Current public > > examples of the types of issues the group will address are illustrated by: > > http://www9.org/w9cdrom/419/419.html > > <http://www9.org/w9cdrom/419/419.html> > > http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm > > <http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm> > > We look forward to your response. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC