[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wss] Document Naming Action Item
>It seems to me that the colon suggests that future standards named "Web
Services Security: ..."
>ought to come out of this committee. But it is clearly the sense of this
committee that its
>scope is limited.
So long as they reflect the intent of the specification - for example,
"Web Services Security: SOAP Message Security" seems fine.
However, based on attached e-mail expressing concern about using umbrella
tag,
"Web Services Security", as prefix for all documents, I add here one
additional
suggestion:
"Web Services SOAP Message Security Specification"
The naming convention for specific profile specifications, for example if we
go with above, could be:
Web Services SOAP Message Security: SAML Token Profile
and so on...
thanks,
Zahid
-----Original Message-----
From: Jerry Schwarz [mailto:jerry.schwarz@oracle.com]
Sent: Tuesday, October 08, 2002 7:56 AM
To: Philpott, Robert; wss@lists.oasis-open.org
Subject: Re: [wss] Document Naming Action Item
I propose removing the ":" from each of the alternatives.
My concern is that the title, whatever choice is accepted, should not
preempt naming for other standards that will address other aspects of web
services security. It seems to me that the colon suggests that future
standards named "Web Services Security: ..." ought to come out of this
committee. But it is clearly the sense of this committee that its scope is
limited.
In fact a more specific tag, such as "Soap Message Security: Core", would be
preferable from this point of view, but I understand that there is pressure
to include the phrase "Web Services Security" in the title.
At 07:22 AM 9/26/2002, Philpott, Robert wrote:
Paul Cotton, Hal Lockhart, and I received an action item at the f2f to
provide naming recommendations for documents produced by the TC. At this
week's TC con-call, we agreed to send out a note this week. After e-mail
exchanges with Paul and Hal, I agreed to write up our suggestions for
consideration by the full TC.
The main issue we attempted to deal with was to have the naming convention
reflect the various concerns raised at the f2f regarding our TC's scope.
First, there is a desire to capitalize on the "goodwill and capital"
associated with the name "Web Services Security". Yet there is also a need
to deal with the strong concern by a number of members which noted that WSS
actually encompasses much more than just the SOAP message security addressed
by current "core" document. Thus they feel the document names should reflect
the actual document content in order to avoid confusing the public who may
think the spec's cover something more than the titles imply.
With this issue in mind, the three of us recommend the following approach:
1. We recommend the use of an "umbrella" tag as a prefix to all
document names. We recommend "Web Services Security" for this tag.
1. As stated in the current draft document labeled "Core
Specification", the goal of the document is to "enable applications to
construct secure SOAP message exchanges". Therefore we recommend that this
document be labeled with one of the following:
* Web Services Security: SOAP Message Protection
* Web Services Security: SOAP Message Security
* Web Services Security: Secure SOAP Message Exchange
* Web Services Security: Core Specification (see note)
[Note] The team was split on whether to provide "Core Specification" as an
option. The two opinions were a) this is the key document of the set, and
b) the name does not reflect the restricted, explicit scope of the document.
1. The additional documents that have been drafted thus far deal with
the use of various security token formats within the context of the SOAP
message headers. These draft documents currently are labeled as "Binding"
documents. The OASIS SAML TC uses the term "Profile" for such documents.
Either term should be acceptable. It is recommended here that these usage
documents be referred to as "Token Profile" documents. Thus, we currently
would have the following set of documents:
* Web Services Security: X509 Token Profile
* Web Services Security: Kerberos Token Profile
* Web Services Security: SAML Token Profile
* Web Services Security: XrML Token Profile
Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com <mailto:rphilpott@rsasecurity.com>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC