RE: [security-services] RE: IBM charter position (was [security-services] Groups- sstc-saml-charter-2.0-draft-02.doc uploaded)

[Anthony Nadalin <drsecure@us.ibm.com>]

Conor,

>That is not our understanding of the conditions for participation in those
workshops.  First off, they are not joint specification work, but rather
"one-way give >us input, we'll decide what to do" type meetings. Secondly
the terms for such meetings require legal agreements from people other than
the authors without >providing equally binding agreements upon the authors.


As it was explained to you before is a reciprocal agreement, have you
looked at the agreement  as it seems that there is some misunderstanding


Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "Conor P. Cahill"|
|         |           <concahill@aol.co|
|         |           m>               |
|         |                            |
|         |           11/17/2003 04:39 |
|         |           AM               |
|---------+---------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                              |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS                                                                                             |
  |       cc:       security-services@lists.oasis-open.org                                                                                       |
  |       Subject:  RE: [security-services] RE: IBM charter position (was [security-services] Groups - sstc-saml-charter-2.0-draft-02.doc        |
  |        uploaded)                                                                                                                             |
  >----------------------------------------------------------------------------------------------------------------------------------------------|






Anthony Nadalin wrote on 11/16/2003, 9:31 PM:
 >
 > Thanks for the comments but I'm confused, it seems that OMA has chosen
to
 > accept Liberty 1.1 for SSO but complete federated identity is still
 > out of
 > scope for the phase 1 work.
  So it seem that any immediate urgency from
 > the
 > mobile community can be solved by the specifications the Liberty group
 > has
 > encouraged the OMA to accept., So what is pushing the  urgency in the
 > SS-TC, can't folks use the Liberty specifications ? Maybe you can get
 > some
 > of your customers to help us understand why what  Liberty group has
 > encouraged the OMA to accept is not sufficient.

1) what OMA has chosen to do or not do is not at issue here.  Clearly
there are many politicial and resource isses involved in any decision
that may be made by such an organization.

2) There is not a sudden "urgency" within the SSTC to encompass
federation.  Federation, to many of us, is clearly a part of the SSO
environment and needs to be solved to enable reasonable SSO across
identity domains.  This is a natural place in the evolution of the SAML
specs to address this and "urgency" only comes to mind by people trying
to stop the process.

3) The adoption of the SSO portion of the Liberty specifications without
the federation portions (assuming this is true, I haven't seen any
public announcements of such adoptions) flies in the face of your
concern about SAML generating a "monolithic" specification.  Clearly the
SSO mechanisms are separate and distinct from the federation mechanisms.

 > You are welcome to attend the public workshops on the various WS-*
 > specifications. RSA  is joining us next week, and maybe Nokia could
 > participate  with the authors and other companies. These workshops
 > allows an open exchange under RF rules prior to submitting the
 > specifications to astandards body.

That is not our understanding of the conditions for participation in
those workshops.  First off, they are not joint specification work, but
rather "one-way give us input, we'll decide what to do" type meetings.
Secondly the terms for such meetings require legal agreements from
people other than the authors without providing equally binding
agreements upon the authors.

If you want real participation in the development of the WS-* specs, you
need to bring them into a standards body.

Conor


To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/security-services/members/leave_workgroup.php
.