Re: [wss] Fwd: WS-Security specs make their debut

[Jerry Schwarz <jerry.schwarz@oracle.com>]

I don't think we should blame the press. This confusion was an inevitable
consequence of the poorly chosen name of the committee. "Web
Services Security" is understood by people who aren't intimately
familiar with the documents and committee charters as including all the
areas (and perhaps more) that are covered by the roadmap.The natural
assumption is that the scope of a "Web Services Security"
working group would encompass all that.  

The authors of IBM's web page (I haven't look at Microsoft's yet) add to
the confusion with the subhead 

  "New specifications improve the WS-Security
model"

You can explicate that subhead so that it is technically correct, but as
far as I'm concerned you can't eliminate the suggestion that
"improving the WS-Security model" is or ought to be within the
scope of a technical committee responsible for "WS-Security".

One of the documents is referred to as "WS-Security Policy" and
describes itself as 

    This document is an addendum to
WS-Security
and indicates the policy assertions for
    WS-Policy
which apply to
WS-Security.

I haven't read the document, and I assume that it is what we would call
profile, but calling it an "addendum to WS-Security" certainly
suggests it is something of concern to the technical committee
responsible for WS-Security.

It is probably too late to do anything about the committee's name, but it
isn't too late to do something about the document titles. I believe we
should reconsider the use of "Web Services Security:" as the
tag. I propose the description we choose for the core document as the
tag.

So the core document would be

    Soap Message Security: Core

And the profiles would be 

    Soap Message Security: XYZ Profile

At 06:51 AM 12/20/2002, Kelvin Lawrence wrote:

> Hi
> Ed,  thanks for the note, I think the press article you referenced
> was unfortunately very poorly worded and seems to use the phrase
> "WS-Security" in a generic sense where the phrase
> "security roadmap" would  have been more accurate.
>
> As I know you are aware, IBM and Microsoft
> produced a Web services security roadmap back in April, along with the
> roadmap, a single concrete specification called WS-Secuirity was also
> produced. WS-Security was outlined in the roadmap as the basis for the
> rest of the specifications in the roadmap. WS-Security was consequently
> submitted to OASIS and the WSS TC was chartered. 
>
> What IBM, Microsoft,Verisign, RSA Security,
> BEA  Systems and SAP have done this week is to deliver drafts of
> some of the other specifications described in the roadmap. As you recall
> the WSS-TC did not want to assume the responsibility of the roadmap, and
> at our first F2F in September the charter was clarified after a lot of
> discussion to make it clear what the scope of the TC was. The roadmap
> itself was not submitted to the TC in any formal way. 
>
> So while I agree the article you pointed us
> all to is poorly worded, the WSS-TC has not undertaken any new
> specifications in your absence or anything like that  and the
> charter has not been changed. I spoke to some of the people who
> participated in the announcement of these new specs and they told me that
> it was made very clear that these were new specs being delivered as part
> of filling out the roadmap. Unfortunately this particular journalist
> seems to have used some incorrect words and confused WS-Security with the
> overall roadmap. I have seen other articles this week that do focus on
> the roadmap more accurately. 
>
> Also, some of the other press articles I
> have seen do go on to say that the authors of the new specifications
> intend to take the specifications to a standards body which is accurate
> coverage. As of today, the new specifications are published to the
> respective author's web sites to allow people to comment on them.
>
> I hope this clears things up a bit, and likewise best wishes for a safe
> and happy holiday period to you and all of our TC members. 
>
> Cheers
> Kelvin