OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: UDDI AG meeting and SAML: SAML in UDDI and XQuery subsets.

If I've misunderstood the terms of the Agreement for UDDI Advisors or what
is considered confidential, I apologize.  I am certainly aware of the
confidentiality obligations, and have every intention of honoring them.  I
don't believe that I did violate them in this case, but and glad to discuss
it with you if you think I've disclosed anything inappropriately. I
certainly did not give out any Unpublished Specifications that the UDDI WG
gave to me, like schedules, requirements, etc.  I mostly articulated what I
had said to people.  The information that I disclose to UDDI WG members is
non-exclusive and I chose to disclose some of it to SAML.  BTW, I suggest
that in the future, UDDI documents contain an appropriate confidentiality

I said very little about what was disclosed to me, and I did not understand
them to be confidential.  The only 2 statements I made about what UDDI WG
members said were your desire for clear SSO use cases and that Chris Kurt
was interested in subsetting XQuery.   I did not state any opinion of yours
wrt my proposal for model extensions.  Given that you've restated your
concern and desires on use cases to a wider forum, it seems that that isn't
confidential information.  My goal was and continues to get better
co-operation between group specifications like SAML, UDDI, W3C XQuery, W3C
canonicalization, and others.

I believe your response to my SAML post is inappropriately cross-posted.  If
or when I'd like to propose ideas to UDDI on Security, I'd like to structure
it in a way that I'm comfortable with.  In the interest of both of us
working together so that we can continue to advance our professional
objectives, I suggest that if you have concerns like the ones raised, that
you raise them with me first as a courtesy, and give me the opportunity to
respond.  I agree to extend the same courtesy to you.   

I regret that you feel I have somehow misrepresented you by taking your
statements out of context. To a certain extent, I've had to take things out
of context.  The UDDI meeting was 1 1/2 days, with about 20 minutes of it
relevent to SAML.  That's a lot of context.  I certainly did not intend to
misrepresent your views.  I was informing the SAML working group what I
thought I could about the relationship between SAML and UDDI in planning for
the SAML work.  Again, I made no claims about what you said wrt my proposal
for model extensions, simply that I had made a suggestion to you.  Nor did I
say whether I had lobbied for this to the UDDI AG or WG.  I have been
thinking of writing a UDDI best practices for this modelling of security
aspects of business entities and services, but I think that's a very
distinct and discrete thread from this one.  If you still feel that my
statements were inappropriate and misrepresented you, I would be glad to
discuss this with you.

Finally, despite this misunderstanding, I think we're in complete agreement
wrt use cases.  I agree that having use cases is important before
determining requirements, and have been known to publicly state that, such
as at the UDDI AG meeting.  Perhaps a formal SAML response to UDDI V3 call
for requirements would be useful.  Given that Verisign, IBM, HP, Sun are
significantly placed in SAML and UDDI, it seems that there is reason for
hope in that regard.

Dave Orchard
XML Architect
Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
p: 408.864.5118     m: 604.908.8425    f: 408.725.4310

www.jamcracker.com - Sounds like a job for Jamcracker.

> -----Original Message-----
> From: Maryann Hondo [mailto:mhondo@us.ibm.com]
> Sent: Friday, June 22, 2001 9:24 AM
> To: Orchard, David; uudi-ag@yahoogroups.com
> Cc: oasis sstc
> Subject: Re: UDDI AG meeting and SAML: SAML in UDDI and 
> XQuery subsets.
> Dave,
> First of all, it is my understanding that the AG meeting is 
> covered by an
> NDA.
> I would be happy to entertain technical discussions of your 
> points below
> and will respond  on the AG mailing list...
> (and will copy them so that they can participate in this discussion)
> which for those of you who are not members is quite easy to 
> join.....and I
> would encourage you to do so... see
> http://www.uddi.org/community.html.
> Second, you have taken several things out of context.   I 
> also  find it a
> bit disconcerting
> that you have intermixed private conversations  we had  outside the AG
> forum with
> discussions in the meeting. I don't believe you actually 
> articulated your
> feelings about these points
> within the AG meeting itself. This is unfortunate because I 
> would have then
> had the opportunity to respond.
> My perspective on Single Sign On, and Joe Pato and Bob 
> Blakely can support
> me on this, ( since
> I recall lengthy discussions on this topic at the Open Group) 
> is that it is
> an overloaded term. What
> I propose to do within UDDI  is find out what problem exactly 
> we are trying
> to solve
> before we start architecting solutions.
> Maryann
> again, more comments on the AG list so join up everyone!  :)
> you know you need more email!
> "Orchard, David" <dorchard@jamcracker.com> on 06/22/2001 03:13:42 AM
> To:   oasis sstc <security-services@lists.oasis-open.org>
> cc:
> Subject:  UDDI AG meeting and SAML: SAML in UDDI and XQuery subsets.
> I attended the UDDI AG meeting this week, and a few SAML 
> related items came
> up.
> The use of SAML for SSO onto multiple UDDI repositories was questioned
> strongly by Maryanne Hondo of IBM.  The logic is that if everything is
> replicated, why support SSO?  Personally, I think this ought to be
> supported
> to support transition between public and private registries, 
> which have
> different data sets.
> I lobbied Maryanne to support model extensions for security.  
> This would
> allow a business entity to specify in standard tModel the security
> mechanisms it supported, ie username/password and SAML.  This is not a
> security requirement per se, but more of modelling requirement.
> We may want SAML to formally liase with UDDI on these and 
> other issues.
> On a somewhat related note, I supported Vadim of BEA's 
> lobbying for the use
> of XQuery to query UDDI repositories.  There was strong 
> resistance to use
> of
> the full spec.  I suggested publicly and privately that a 
> subset of XQuery
> be used.  Chris Kurt of Microsoft and overall UDDI lead was extremely
> interested in this idea.  I further suggested that UDDI 
> formally respond to
> the XQuery working drafts, indicating what features it may/would be
> interested in subsetting.  I also think that SAML should do 
> this, and will
> volunteer to write a draft no matter what SAML decides to do 
> on SAML ver
> 1.0
> wrt XQuery.  This serves a few purposes: 1) I'm hoping that 
> requests from
> UDDI and/or SAML will place pressure on XQuery to formally subset or
> profile
> XQuery; 2) If UDDI can place pressure, they may do some of 
> the work that
> SAML could then pick up; 3) Increase the likelihood of 
> lightweight XQuery
> implementations, removing some of the SAML vendor concerns about
> complexity;
> 4) if any members of the XQuery WG (including the chair?) 
> have inclinations
> to do profiles or subsets of XQuery, these could be powerful 
> motivators.
> Cheers,
> Dave Orchard
> XML Architect
> Jamcracker Inc.,    19000 Homestead Dr., Cupertino, CA 95014
> p: 408.864.5118     m: 604.908.8425    f: 408.725.4310
> www.jamcracker.com - Sounds like a job for Jamcracker.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC