OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [wss] Document Naming Action Item

Paul Cotton, Hal Lockhart, and I received an action item at the f2f to provide naming recommendations for documents produced by the TC.  At this week's TC con-call, we agreed to send out a note this week. After e-mail exchanges with Paul and Hal, I agreed to write up our suggestions for consideration by the full TC.

 

The main issue we attempted to deal with was to have the naming convention reflect the various concerns raised at the f2f regarding our TC's scope.  First, there is a desire to capitalize on the "goodwill and capital" associated with the name "Web Services Security". Yet there is also a need to deal with the strong concern by a number of members which noted that WSS actually encompasses much more than just the SOAP message security addressed by current "core" document. Thus they feel the document names should reflect the actual document content in order to avoid confusing the public who may think the spec's cover something more than the titles imply.

 

With this issue in mind, the three of us recommend the following approach:

 

  1. We recommend the use of an "umbrella" tag as a prefix to all document names.  We recommend "Web Services Security" for this tag.

 

  1. As stated in the current draft document labeled "Core Specification", the goal of the document is to "enable applications to construct secure SOAP message exchanges".  Therefore we recommend that this document be labeled with one of the following:

·         Web Services Security: SOAP Message Protection

·         Web Services Security: SOAP Message Security

·         Web Services Security: Secure SOAP Message Exchange

·         Web Services Security: Core Specification (see note)

[Note] The team was split on whether to provide "Core Specification" as an option.  The two opinions were a) this is the key document of the set, and b) the name does not reflect the restricted, explicit scope of the document.

 

  1. The additional documents that have been drafted thus far deal with the use of various security token formats within the context of the SOAP message headers.  These draft documents currently are labeled as "Binding" documents.  The OASIS SAML TC uses the term "Profile" for such documents. Either term should be acceptable.  It is recommended here that these usage documents be referred to as "Token Profile" documents.  Thus, we currently would have the following set of documents:

·         Web Services Security: X509 Token Profile

·         Web Services Security: Kerberos Token Profile

·         Web Services Security: SAML Token Profile

·         Web Services Security: XrML Token Profile

 

Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC