[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: Minutes for Telecon, Tuesday 30 Septe mber 2003
Okay - now sticking to the charter/goals discussion.... At the f2f, the goal statement was adopted by unanimous consent. You were there and therefore voted in the affirmative on these goals. Are you now saying that you have changed your mind and do not believe these are the goals we should be working on? If so, then the chairs will be happy to have you propose a new set of goals and we can put you on the agenda for the next meeting so they can be debated and voted on in a quorum meeting as a replacement for the current set. But as of now, the TC has these as their approved V2.0 goals. > As far as the changes to the charter wording like "Addressing issues and > enhancement requests that have arisen from experience with real-world SAML > implementations and with standards architectures that use SAML, such as > the > OASIS WSS and XACML work." does not clarify anything just mystifies > things. > [Rob] Compared to the current TC charter (which was approved by the TC and accepted by OASIS), in what way does this add mystery? The current charter states: "new functionality satisfying newly discovered requirements (for example, through implementation and deployment of the existing specifications)". The new statement is simply being more specific about some of the places where "the deployment of the existing specifications" has occurred. Those are not a mystery to anyone. > "Adding support for features that were deferred from previous versions of > SAML for schedule reasons, such as session support, the exchange of > metadata to ensure more interoperable interactions, and collection of > credentials" is far to open. I suggest that the TC have a clear and > precise > list of "features" so the charter can address these as this leaves it wide > open and does not clarify anything just mystifies things. > [Rob] You've got to be kidding. There is absolutely nothing in the TC process that states that the charter must provide that level of detail. Please take a look at all of the other OASIS TC charters and tell me how many provide a specific list of features with the detail you are suggesting. Perhaps one or two might be more specific, but the vast majority are not. The WSS-TC certainly isn't; Provisioning isn't; ebXML isn't; WSDM isn't; DSML isn't; ... I believe the proposed charter is much more specific than most at OASIS. The TC process says we simply need to describe "a list of deliverables, with completion dates" period. We only need to ensure that those deliverables are aligned with the scope of the TC. Please explain how session support, metadata exchange, or credentials collector are not in scope. > Also the statement "Converging on a unified technology approach for > identity federation by integrating the specifications contributed to the > TC > by the Liberty Alliance" seems like scope creep to me as I don't see > anything in the charter about "federation" as federation goes way beyond > authentication. [Rob] I don't see anything in our charter that states we can define how an Attribute Authority would work, either. But it's needed for making authorization decisions, so we define it in SAML. I don't see anything in the charter that explicitly states that we will define profiles that solve the Web SSO problem. But they are clearly in scope. In the TC's view (if you've changed your mind it's now the TC minus 1), federated identities are essential to completing the job we started with Web SSO. They are essential to the process of creating useful authentication and authorization information exchanges. Just because it's not explicitly called out doesn't mean we can't work on it when it's required to meet our stated purpose. If you want to argue that this is out of scope, then please make your case with a proposal to the list. We'll put it on the agenda for discussion and a vote. But as it stands, the chairs and the TC as indicated by the unanimous consent of the goals, clearly believes that this is in scope. If you aren't satisfied with this approach, then please take it up with TC Admin. > > So I don't see the updates above clarifying anything, I have no problem > with the changes that clarify the dates or clarifying that additional > profile documents will be produced. [Rob] Apparently, we simply have an argument over the semantics of "clarification". As I said, we have agreed-upon goals and the charter update has been proposed with the objective of clarification w.r.t those goals. If you have alternative proposals, please make them. Cheers, Rob
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]