RE: [ws-sx] Time to close the WS-SX TC?

[Carlo Milono <cmilono@tibco.com>]

Not pretty.  I have seen the – what? – chaos in the Sig & Enc work and the lack of resolution.  I still think that from a standards architectural perspective, that these types of foundational aspects, such as symbols, should be delegated/inherited.  That it doesn’t map, as you said, is what I’m pointing out, and the resolution is almost a refactoring rather than an addition, with the alternative being a never-closed spec.

I’ve been following the Suite B and ECC ‘business’, and it is still a moving target.

 

From: Hal Lockhart [mailto:hal.lockhart@oracle.com]
Sent: Thursday, June 06, 2013 11:43 AM
To: Carlo Milono; Kelvin Lawrence; ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Time to close the WS-SX TC?

 

I am specifically avoiding the issue of specifying what algorithms must be used or ought to be used. I just want to add symbols to make it possible to use these and interoperate.

 

To answer your question, in an ideal world W3C-Sec should define all the symbols, but they are not in Sig & Enc 1.1 and work on Sig & Enc 2.0 has stalled for lack of prospective implementations.

 

In any event, because WS-SP has chosen to structure the Algorithm Suite Property in a way which does not map directly to cryptographic algorithm identifiers, we could not go directly from XML Enc & XML Sig to WS-SP directly even if W3C-Sec had defined these.

 

Hal

 

From: Carlo Milono [mailto:cmilono@tibco.com]
Sent: Thursday, June 06, 2013 2:31 PM
To: Hal Lockhart; Kelvin Lawrence; ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Time to close the WS-SX TC?

 

This brings up an issue of how to maintain (?) specs that have foundational roots in older technologies.  Your example points to some newer primitives.  There will be even newer ones in the future.  SHA-3?  I think the wording of OASIS should be somewhat open-ended in a way to future-proof changes in the foundation.  MD5 is no longer considered secure, and SHA-1 is not recommended – what about the Digest Password in Username Token Profile?  Eh…  Some specs seem to mandate the ‘best of the day’, but don’t account for the ‘best’ dying at some future date.

I’ll admit, it is hard to maintain interoperability in the face of flexibility.  Couldn’t the symbols be delegated to W3C xmldsig-core and xmlenc-core?

 

From: ws-sx@lists.oasis-open.org [mailto:ws-sx@lists.oasis-open.org] On Behalf Of Hal Lockhart
Sent: Thursday, June 06, 2013 11:17 AM
To: Kelvin Lawrence; ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Time to close the WS-SX TC?

 

Actually I have been intending to propose one new piece of business.

 

I would like to produce a update to WS-SP to add new symbols for the following algorithms:

 

ECC

GCM (with AES)

The composite sign/encrypt algorithms being defined in JOSE.

 

I am sorry I have not had the time to make a formal proposal.

 

What do others think?

 

Hal

 

From: Kelvin Lawrence [mailto:klawrenc@us.ibm.com]
Sent: Wednesday, June 05, 2013 3:16 PM
To: ws-sx@lists.oasis-open.org
Subject: [ws-sx] Time to close the WS-SX TC?

 

Hi folks. We (the WS-SX TC members) have not had any business to discuss in a very long time and I have not seen any issues raised on the private or public lists. My colleagues are reporting the same experience with the other WS-* TCs. I think perhaps it is now a safe time to declare the WS-SX TC has run its course.

Could I get a sense from the voting members (of who there are not many left now) as to if there is any objection to my setting up a vote to consider formally closing the TC?


Cheers
Kelvin