[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: UDDI AG meeting and SAML: SAML in UDDI and XQuery subsets.
If I've misunderstood the terms of the Agreement for UDDI Advisors or what is considered confidential, I apologize. I am certainly aware of the confidentiality obligations, and have every intention of honoring them. I don't believe that I did violate them in this case, but and glad to discuss it with you if you think I've disclosed anything inappropriately. I certainly did not give out any Unpublished Specifications that the UDDI WG gave to me, like schedules, requirements, etc. I mostly articulated what I had said to people. The information that I disclose to UDDI WG members is non-exclusive and I chose to disclose some of it to SAML. BTW, I suggest that in the future, UDDI documents contain an appropriate confidentiality legend. I said very little about what was disclosed to me, and I did not understand them to be confidential. The only 2 statements I made about what UDDI WG members said were your desire for clear SSO use cases and that Chris Kurt was interested in subsetting XQuery. I did not state any opinion of yours wrt my proposal for model extensions. Given that you've restated your concern and desires on use cases to a wider forum, it seems that that isn't confidential information. My goal was and continues to get better co-operation between group specifications like SAML, UDDI, W3C XQuery, W3C canonicalization, and others. I believe your response to my SAML post is inappropriately cross-posted. If or when I'd like to propose ideas to UDDI on Security, I'd like to structure it in a way that I'm comfortable with. In the interest of both of us working together so that we can continue to advance our professional objectives, I suggest that if you have concerns like the ones raised, that you raise them with me first as a courtesy, and give me the opportunity to respond. I agree to extend the same courtesy to you. I regret that you feel I have somehow misrepresented you by taking your statements out of context. To a certain extent, I've had to take things out of context. The UDDI meeting was 1 1/2 days, with about 20 minutes of it relevent to SAML. That's a lot of context. I certainly did not intend to misrepresent your views. I was informing the SAML working group what I thought I could about the relationship between SAML and UDDI in planning for the SAML work. Again, I made no claims about what you said wrt my proposal for model extensions, simply that I had made a suggestion to you. Nor did I say whether I had lobbied for this to the UDDI AG or WG. I have been thinking of writing a UDDI best practices for this modelling of security aspects of business entities and services, but I think that's a very distinct and discrete thread from this one. If you still feel that my statements were inappropriate and misrepresented you, I would be glad to discuss this with you. Finally, despite this misunderstanding, I think we're in complete agreement wrt use cases. I agree that having use cases is important before determining requirements, and have been known to publicly state that, such as at the UDDI AG meeting. Perhaps a formal SAML response to UDDI V3 call for requirements would be useful. Given that Verisign, IBM, HP, Sun are significantly placed in SAML and UDDI, it seems that there is reason for hope in that regard. Dave Orchard XML Architect Jamcracker Inc., 19000 Homestead Dr., Cupertino, CA 95014 p: 408.864.5118 m: 604.908.8425 f: 408.725.4310 www.jamcracker.com - Sounds like a job for Jamcracker. > -----Original Message----- > From: Maryann Hondo [mailto:firstname.lastname@example.org] > Sent: Friday, June 22, 2001 9:24 AM > To: Orchard, David; email@example.com > Cc: oasis sstc > Subject: Re: UDDI AG meeting and SAML: SAML in UDDI and > XQuery subsets. > > > Dave, > > First of all, it is my understanding that the AG meeting is > covered by an > NDA. > I would be happy to entertain technical discussions of your > points below > and will respond on the AG mailing list... > (and will copy them so that they can participate in this discussion) > which for those of you who are not members is quite easy to > join.....and I > would encourage you to do so... see > http://www.uddi.org/community.html. > > Second, you have taken several things out of context. I > also find it a > bit disconcerting > that you have intermixed private conversations we had outside the AG > forum with > discussions in the meeting. I don't believe you actually > articulated your > feelings about these points > within the AG meeting itself. This is unfortunate because I > would have then > had the opportunity to respond. > > My perspective on Single Sign On, and Joe Pato and Bob > Blakely can support > me on this, ( since > I recall lengthy discussions on this topic at the Open Group) > is that it is > an overloaded term. What > I propose to do within UDDI is find out what problem exactly > we are trying > to solve > before we start architecting solutions. > > Maryann > > again, more comments on the AG list so join up everyone! :) > you know you need more email! > > > > "Orchard, David" <firstname.lastname@example.org> on 06/22/2001 03:13:42 AM > > To: oasis sstc <email@example.com> > cc: > Subject: UDDI AG meeting and SAML: SAML in UDDI and XQuery subsets. > > > I attended the UDDI AG meeting this week, and a few SAML > related items came > up. > > The use of SAML for SSO onto multiple UDDI repositories was questioned > strongly by Maryanne Hondo of IBM. The logic is that if everything is > replicated, why support SSO? Personally, I think this ought to be > supported > to support transition between public and private registries, > which have > different data sets. > > I lobbied Maryanne to support model extensions for security. > This would > allow a business entity to specify in standard tModel the security > mechanisms it supported, ie username/password and SAML. This is not a > security requirement per se, but more of modelling requirement. > > We may want SAML to formally liase with UDDI on these and > other issues. > > On a somewhat related note, I supported Vadim of BEA's > lobbying for the use > of XQuery to query UDDI repositories. There was strong > resistance to use > of > the full spec. I suggested publicly and privately that a > subset of XQuery > be used. Chris Kurt of Microsoft and overall UDDI lead was extremely > interested in this idea. I further suggested that UDDI > formally respond to > the XQuery working drafts, indicating what features it may/would be > interested in subsetting. I also think that SAML should do > this, and will > volunteer to write a draft no matter what SAML decides to do > on SAML ver > 1.0 > wrt XQuery. This serves a few purposes: 1) I'm hoping that > requests from > UDDI and/or SAML will place pressure on XQuery to formally subset or > profile > XQuery; 2) If UDDI can place pressure, they may do some of > the work that > SAML could then pick up; 3) Increase the likelihood of > lightweight XQuery > implementations, removing some of the SAML vendor concerns about > complexity; > 4) if any members of the XQuery WG (including the chair?) > have inclinations > to do profiles or subsets of XQuery, these could be powerful > motivators. > > Cheers, > Dave Orchard > XML Architect > Jamcracker Inc., 19000 Homestead Dr., Cupertino, CA 95014 > p: 408.864.5118 m: 604.908.8425 f: 408.725.4310 > > www.jamcracker.com - Sounds like a job for Jamcracker. > > >
Powered by eList eXpress LLC