RE: Pre-TC Creation Discussion List Creation Request

["Simon Y. Blackwell" <sblackwell@psoom.com>]

Security Committee Members,

Your input on the included thread is requested in order to determine if we
should establish a separate pre-TC discussion or petition for creation of a
sub-group within the Security Services group.
In summary we wish to create a group focused on security related
specifications orthogonal to the efforts of the XML-Based Security Services
TC. Whereas XML-Based Security Services exists to define an XML framework
for exchanging authentication and authorization information, XACML is
concerned with the representation of access control policies as XML and the
application of these policies to XML documents. Current public examples of
the types of issues the group will address are illustrated by:
<http://www9.org/w9cdrom/419/419.html>
<http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm>

Thanks,

Simon Y. Blackwell

 -----Original Message-----
From: 	Simon Y. Blackwell  
Sent:	Thursday, February 08, 2001 5:05 PM
To:	'Ernesto Damiani'; Simon Y. Blackwell; 'Karl Best'
Cc:	samarati@dsi.unimi.it; Frank Chum; eve.maler@east.sun.com
Subject:	RE: Pre-TC Creation Discussion List Creation Request

My understanding is that the OASIS Security Services folks and the W3C folks
have been co-operating closely, but maybe it was IETF. And, my review of the
current discussions doesn't indicate much if any interest in the type of
things we want to address. However, deferring to our designated discussion
leader (even though a discussion has not yet formally started ;-), I'll post
to the security group at OASIS the summary of our goals as stated in the
request as soon as I get a response to my list membership request.

Simon

 -----Original Message-----
From: 	Ernesto Damiani [mailto:edamiani@crema.unimi.it] 
Sent:	Thursday, February 08, 2001 4:40 PM
To:	Simon Y. Blackwell; 'Karl Best'
Cc:	samarati@dsi.unimi.it; Frank Chum; eve.maler@east.sun.com
Subject:	R: Pre-TC Creation Discussion List Creation Request

Well, this puts me in a rather difficult position, since it is the first
time I am directly involved in any OASIS activity.
All I can say is that the subject of XML access control is also being
informally discussed via the W3C XML encryption mailing list, but
the general feeling there is that AC and encryption standardization should
be done separately.
So it was decided to go ahead with encryption first and come back to AC
later.
Perhaps the OASIS XML Security Services people do not share this view and
would welcome discussing XML AC together with their other topics. The
subcommittee idea mentioned by Karl sounds interesting, as it would allow
independent but coordinated discussion, and should probably be explored.
In the end, I suggest we freeze our proposal and try first to interact with
the Security Services committee; we can resume it later if we meet a deaf
ear.
Regards
Ernesto

----- Original Message -----
From: Simon Y. Blackwell <sblackwell@psoom.com>
To: 'Karl Best' <karl.best@oasis-open.org>
Cc: <edamiani@crema.unimi.it>; <samarati@dsi.unimi.it>; Frank Chum
<fchum@psoom.com>; <eve.maler@east.sun.com>
Sent: Thursday, February 08, 2001 10:39 PM
Subject: RE: Pre-TC Creation Discussion List Creation Request


>
>
> Karl,
>
> Karl,
>
> I fully concur with your comments regarding fewer TC's rather than more. I
> spent considerable time reviewing the work of XMLAuth and S2ML prior to
> proposing this committee. However, I have not raised this topic on the
> rather newly combined Security Services committee. My understanding is
that
> some time ago Ernesto had some fairly length interactions with some of the
> security folk and they decided the efforts should be distinct. It was also
> determined at the time that there was insufficient groundswell to get a TC
> going specifically related to the topics we wish to address.
>
> As to multiple specifications. I rant and rave about incompatible
> specifications all the time. I am 100% behind your desire to have
compatible
> specifications. I am tired of hearing "Don't worry about that, namespaces
> and XSL transformations will solve the issue" when I post to newsgroups
> pointing out duplications of domain modeling efforts. As a practical
matter
> of adoption, common naming and the identification of similar semantics are
> hugely important and made radically simpler by working within one group.
>
> This being said, I will leave the final decision as to how to proceed to
> Ernesto as the discussion leader. My preference is to start the list,
invite
> folks from security to participate and in the context of the list
determine
> whether a subsequent merging into Security Services makes sense prior to
the
> forming of a TC. This will also serve to keep the security services list
> from cluttering up.
>
> If you have actually created the list, please advise since I don't see it
on
> the website. If you have not, then I suggest you wait for word from
Ernesto
> on how to proceed.
>
> Best Regards,
>
> Simon
>
>
> -----Original Message-----
> From: Karl Best [mailto:karl.best@oasis-open.org]
> Sent: Thursday, February 08, 2001 7:12 AM
> To: Simon Y. Blackwell
> Cc: edamiani@crema.unimi.it; samarati@dsi.unimi.it; Frank Chum; Karl;
> eve.maler@east.sun.com
> Subject: RE: Pre-TC Creation Discussion List Creation Request
>
> Simon:
>
> The OASIS TC process requires three eligible people in order to start
either
> a discussion list or a TC. Psoom is an OASIS member, so its employees are
> eligible, and I have just received word that Ernesto has joined as an
> Individual (and perhaps Pierangela's membership is in process), so you
have
> your three people.
>
> While I am obligated to create a discussion list or a technical committee
if
> you meet the requirements, I would prefer to see similar efforts merged
into
> single committees. A philosophy of OASIS is that we get people talking and
> working together rather than splintering efforts into different groups.
Have
> you looked into doing this proposed work in the existing Security Services
> committee? Have you raised the topic on the committee list? (OASIS members
> are eligible to subscribe to the list; you could do so and raise the
> question.) This committee has already broken into a number of
subcommittees
> which are looking at the different aspects of the problem; perhaps your
work
> could be done as another subcommittee. I predict much better market
> acceptance for a single, coordinated security specification rather than a
> number of competing or incompatible specifications.
>
> So, as you have met the requirements I will create the dicussion group,
but
> I would urge you to see if you can work within the existing TC. I'll let
you
> decide.
>
> </karl>
> ============================================================
> Karl F. Best
> OASIS - Director, Technical Operations
> 978.667.5115 x206
> karl.best@oasis-open.org  http://www.oasis-open.org
>
>
> > -----Original Message-----
> > From: Simon Y. Blackwell [mailto:sblackwell@psoom.com]
> > Sent: Thursday, February 08, 2001 9:46 AM
> > To: 'tc_admin@oasis-open.org'
> > Cc: 'edamiani@crema.unimi.it'; 'samarati@dsi.unimi.it'; Frank Chum
> > Subject: Pre-TC Creation Discussion List Creation Request
> >
> >
> > The following individuals would like to form an e-mail list to discuss
> > creation of an eXtensible Access Control Markup Language (XACML) TC. The
> > name XACML is an intermin moniker. Part of the scope of discussion will
be
> > to select a permanent name.
> > Participants:
> > Ernesto Damiani edamiani@crema.unimi.it <mailto:edamiani@crema.unimi.it>
> > Pierangela Samarati samarati@dsi.unimi.it <mailto:samarati@dsi.unimi.it>
> > Simon Y. Blackwell sblackwell@psoom.com <mailto:sblackwell@psoom.com>
> > Frank Chum fchum@psoom.com <mailto:fchum@psoom.com>
> > Discussion Leader:
> > Ernesto Damiani edamiani@crema.unimi.it <mailto:edamiani@crema.unimi.it>
> > Discussion List Name:
> > xacml@oasis-open.org
> > Scope Of Discussion:
> > This group intends to address security related specifications
> > orthogonal to
> > the efforts of the XML-Based Security Services TC. Whereas XML-Based
> > Security Services exists to define an XML framework for exchanging
> > authentication and authorization information, XACML is concerned with
the
> > representation of access control policies as XML and the application of
> > these policies to XML documents. The above named individuals have read
> > http://www.oasis-open.org/committees/process.shtml
> > <http://www.oasis-open.org/committees/process.shtml>  and intend
> > to deliver
> > to Oasis a formal request for TC creation within 45 days. Current public
> > examples of the types of issues the group will address are illustrated
by:
> > http://www9.org/w9cdrom/419/419.html
> > <http://www9.org/w9cdrom/419/419.html>
> > http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm
> > <http://www.trl.ibm.co.jp/projects/xml/doccont/xacl_e.htm>
> > We look forward to your response.
> >