Checklist for the Web Services Security 1.1.1 for Progression to ISO

[Monica Martin <momartin@microsoft.com>]

For the transposition of PAS specifications, the WSS-M TC should adhere to the:

1.      OASIS Liaison Policy Reference Submitting OASIS Standards for adoption by other organizations, and

2.      Requirements of ISO/IEC JTC 1 Supplement, see Annex 9 for Guide to the Transposition of Publicly Available Specifications Into International Standards

Here is a breakdown of the OASIS Liaison Policy requirements and our preparedness to make the Submission request.

 

Section 1	Requirement	Achieved	Comments
A	OASIS Standard	On track
B	Recipient is a de jure standards authority	Yes
C	Successful completion of an OASIS-organized public interoperability demonstration between at least three independent implementations conducted in accordance with the OASIS InterOp Demonstration Guidelines	See Web Services Security 1.1 On track for implementation statements	Gartner April 2005: http://xml.coverpages,org/InteropWSS-Gartner2005.html X.509 Token Profile was demonstrated by 13 companies and coordinated through OASIS and meets the general guidelines per the Interop Policy in effect at that time. [see details in 1] Three companies successfully used WSS 1.1 when OASIS Standards progressed. [see 2] BSP 1.1 built on WSS 1.1 for 2010 demonstration: IBM, Oracle, Layer 7, SAP, Sun Microsystems (now Oracle), and Intel
D	A written request to OASIS after a special majority vote in the WSS-M TC	On track	Will be provided when OASIS Standard is approved
Section 2	1.      Any submission request delivered to the OASIS President under this policy must be in writing, and must include the following: [abbreviated] a.      Requester b.      Intended receiving standards organization c.      Intended status or outcome that the request seeks from the receiving organization's process; and a short description of the receiving organization's approval process, including estimated time required, stages of approval and who votes at each stage. d.      An explanation of how the submission will benefit OASIS. e.      The expected licensing, copyright and other intellectual property terms that will be used by the receiving organization in regard to the submission. f.       A statement of the intended future plans for versioning and maintenance of the OASIS Standard and/or Approved Errata for that standard, and the expected roles of OASIS and the receiving organization.		Included in explanatory report [draft here]

Thanks.

Monica

 

[1] [6] For Web Services Security v1.1

Oracle (BEA): http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200511/msg00064.html

IBM: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200511/msg00063.html

Microsoft: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200511/msg00070.html

[2] Details on Gartner event:

Event coordinated by OASIS Staff: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200502/msg00044.html

More than 10 companies were planning to attend: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200504/msg00005.html. See references in these minutes to interoperability testing of three companies on Kerberos token as well.

Indications the Interop policy was used: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200502/msg00031.html

Scenario: Sign and encrypt: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200503/msg00019.html

Draft document (likely used for the event – created post event): http://www.oasis-open.org/apps/org/workgroup/wss/download.php/12997/wss-11-interop-draft-01.doc

Outcomes of the Gartner event: http://www.oasis-open.org/apps/org/workgroup/wss/email/archives/200505/msg00026.html

The current version of the Interop policy was approved after the Gartner demonstration; previous guidelines applied (September 2004). The event appears to meet the general criteria of either policy.