[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Discussion of Future Work of the SSTC
Colin, Your suggested work items are good and will be added to the list. I would like to comment on one specific portion of your message. > I'm surprised we are even debating the issue. If this standard is to > become > ubiquitous, as I'm sure we all want it to be, it needs to be maintained > and > refreshed as time goes on. Example: Do we really know, today, how a mature > Web 2.0 implementation might give rise to modified approaches in SAML 2.0? In 2005 OASIS changed its IPR Policy so as to require participants and contributors to commit in advance to offer specified licensing terms for IP which is essential to implementing a given specification. Obviously it is impossible to require non-participants to do anything. In general in standards development it is desirable to have the key players participate, both to make technical contributions and to accelerate adoption. The desire for IPR commitments adds another reason, as these are the organizations which are most likely to have IPR in the relevant area. However it is unreasonable to expect large organizations to commit in advance to give away technology potentially worth millions of dollars without any clear statement of the scope of that commitment. The current SAML Charter says in part: "The purpose of the TC is to define, enhance, and maintain a standard XML-based framework for creating and exchanging authentication and authorization information." The Scope section of the charter refers only to SAML 2.0 work. There is no mention of post 2.0 work. I think it is reasonable for one to take the view that this needs to be tightened up. The current thinking of the OASIS Board (as embodied in the TC Process and IPR Policy) is that TCs should be chartered to do specific work. This is similar to the philosophy of organizations like the W3C and the IETF. It is different from organizations like ITU-T and ISO, where committees have a continuing responsibility for evolving technology in a general area. In the SSTC we must at a minimum define what we are doing post SAML 2.0. Since some members have expressed a desire to see a more precisely defined charter and may be willing to make an issue of it in IPR Transition, the chairs are trying to see if we can develop a consensus around that the Charter should say, so that IP contributors will know what they are agreeing to and yet we still have the flexibility we need to respond to external events affecting the use of SAML. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]