OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [no subject]

Public Review

Before the TC can submit its Committee Draft to OASIS membership for
review and approval as an OASIS Standard, the TC must conduct a public
review of the work. The decision by the TC to submit the work for public
review requires a majority vote. The review must be announced by the TC
Administrator on the OASIS members mail list and optionally on other
public mail lists. Review must take place for a minimum of 30 days,
during which time no changes may be made to the document. Comments must
be collected via the TC's archived public comment facility. The TC must
record the comments received as well as the resolution of those

As was noted, our "committee last call" step is an internal SSTC step we
want to use to ensure that the actual Committee Draft we end up
approving has seen some public review before we approve it as CD. =20

We do then intend to submit our CD for consideration as an OASIS
standard, so it will, of course, then need to go through the formal
30-day public review as per the process.

Am I misreading the process?  Where does it say we need a formal public
review BEFORE we approve a CD?


Rob Philpott
Senior Consulting Engineer=20
RSA Security Inc.=20
Tel: 781-515-7115=20
Mobile: 617-510-0893=20
Fax: 781-515-7020=20

-----Original Message-----
From: Eve L. Maler [mailto:Eve.Maler@Sun.COM]=20
Sent: Wednesday, July 14, 2004 9:55 AM
To: karl.best@oasis-open.org
Cc: 'security-services@lists.oasis-open.org'; Dee Schur; Robin Cover;
'Prateek Mishra (pmishra@netegrity.com)'; Philpott, Robert; Jeff Hodges
Subject: Re: [security-services] Re: Last-call drafts and call for
review now available on website

Karl-- Let me confer with the current and former co-chairs on this.  The

SSTC invented this process a long time ago, before the current process=20
existed as such (there used to be no requirements around review prior to

Ctte Spec/Draft stage), and it may be that the purposes of the two=20
processes coincide sufficiently to be considered the same thing.  But in

that case, we'll have to formally put the other specs (not all of them=20
were included in this package) through the process as well.


Karl F. Best wrote:

> Eve:
> Is this "last call" the same as the public review required by the TC=20
> Process before the approval of the spec as a CD by the TC? (see=20
> http://www.oasis-open.org/committees/process.php#committee_draft) Or
> that public review already taken place? If it's a public review
> a process to follow, i.e. I have to announce it, etc.
> But even if the required public review has already taken place this=20
> "last call" could be considered another round of review (see the
> para of the section on public review); why don't we do that instead of

> inventing something that's not in the Process?
> (But I appreciate your informing me where things are at, and I would=20
> encourage Dee making the announcement once we figure out what to call=20
> this.)
> -Karl
> Eve L. Maler wrote:
>> Folks, the last-call draft package that we approved today is now=20
>> available from the SSTC website.  Please check out the site and let
>> know if you find any errors:
>> http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=3Dsecurity
>> Note that I've created a zip file for downloading all the last-call=20
>> spec and schema drafts at once:
>> Karl, Dee, and Robin, although the SSTC does this last-call phase on=20
>> its own as an additional level of review along with the usual=20
>> Committee Draft and OASIS Standard balloting phases, we thought you=20
>> might be interested that we've reached this level.  It indicates that

>> we believe these specs are feature-complete (though we're prepared to

>> revise them to accommodate comments) and that we're actively=20
>> soliciting external input even before the Committee Draft phase. =20
>> Think of it as a sort of beta.  (Note that there are other specs in=20
>> the SAML V2.0 set that are either less crucial for initial=20
>> implementation or are non-normative, or both, that will skip this=20
>> last-call phase, though they have working drafts linked from the SSTC

>> website.)
>> Dee, can I request that you add a blurb along the following lines to=20
>> the next issue of OASIS News?  We will also send a note to the=20
>> saml-dev mailing list along these lines.
>> "
>> The Security Services Technical Committee (SSTC) has produced a set
>> last-call working drafts for key SAML Version 2.0 specifications and=20
>> schemas, and is soliciting review comments and implementor feedback=20
>> prior to preparing Committee Drafts.  Comments are due by 2 August=20
>> 2004.  The last-call drafts can be found here:
>>   http://www.oasis-open.org/committees/download.php/7750/
>> More information, along with links to additional SAML specification=20
>> drafts, is available at the SSTC website:
>>   http://www.oasis-open.org/committees/security
>> "
>> Thanks,
>>     Eve

Eve Maler                                        +1 781 442 3190
Sun Microsystems                            cell +1 781 354 9441
Web Products, Technologies, and Standards    eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]