[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [wss] Fwd: WS-Security specs make their debut
Jerry,
I disagree with you that the "authors of IBM's web pages add to the
confusion", as WS-Security was a name that was chosen by the authors of the
specification, this specification has been implemented by numerous vendors
and is part of the over all Web services security roadmap.
The authors have submitted the WS-Security specification(s) to OASIS in
particular to the WSS-TC, since there is no official output of the WSS-TC
yet, the follow on specifications in the roadmap refer to WS-Security.
Remember that during the first face-to-face meeting there were a set of
folks that wanted to make sure that the charter was limited as not to
include working on the roadmap.
Anthony Nadalin | work 512.436.9568 | cell 512.289.4122
|---------+---------------------------->
| | Jerry Schwarz |
| | <jerry.schwarz@or|
| | acle.com> |
| | |
| | 12/23/2002 11:10 |
| | PM |
|---------+---------------------------->
>----------------------------------------------------------------------------------------------------------------------------------------------|
| |
| To: Kelvin Lawrence/Austin/IBM@IBMUS, Ed Reed <ereed@novell.com> |
| cc: ckaler@microsoft.com, Ed Reed <EReed@novell.com>, Gary Hein <GHein@novell.com>, Shawn Dickerson <SDICKERSON@novell.com>, |
| Sarah Mees <SMees@novell.com>, Winston Bumpus <WBUMPUS@novell.com>, wss@lists.oasis-open.org |
| Subject: Re: [wss] Fwd: WS-Security specs make their debut |
>----------------------------------------------------------------------------------------------------------------------------------------------|
I don't think we should blame the press. This confusion was an inevitable
consequence of the poorly chosen name of the committee. "Web Services
Security" is understood by people who aren't intimately familiar with the
documents and committee charters as including all the areas (and perhaps
more) that are covered by the roadmap.The natural assumption is that the
scope of a "Web Services Security" working group would encompass all that.
The authors of IBM's web page (I haven't look at Microsoft's yet) add to
the confusion with the subhead
"New specifications improve the WS-Security model"
You can explicate that subhead so that it is technically correct, but as
far as I'm concerned you can't eliminate the suggestion that "improving the
WS-Security model" is or ought to be within the scope of a technical
committee responsible for "WS-Security".
One of the documents is referred to as "WS-Security Policy" and describes
itself as
This document is an addendum to WS-Security and indicates the policy
assertions for
WS-Policy which apply to WS-Security.
I haven't read the document, and I assume that it is what we would call
profile, but calling it an "addendum to WS-Security" certainly suggests it
is something of concern to the technical committee responsible for
WS-Security.
It is probably too late to do anything about the committee's name, but it
isn't too late to do something about the document titles. I believe we
should reconsider the use of "Web Services Security:" as the tag. I propose
the description we choose for the core document as the tag.
So the core document would be
Soap Message Security: Core
And the profiles would be
Soap Message Security: XYZ Profile
At 06:51 AM 12/20/2002, Kelvin Lawrence wrote:
Hi Ed, thanks for the note, I think the press article you referenced
was unfortunately very poorly worded and seems to use the phrase
"WS-Security" in a generic sense where the phrase "security roadmap"
would have been more accurate.
As I know you are aware, IBM and Microsoft produced a Web services
security roadmap back in April, along with the roadmap, a single
concrete specification called WS-Secuirity was also produced.
WS-Security was outlined in the roadmap as the basis for the rest of
the specifications in the roadmap. WS-Security was consequently
submitted to OASIS and the WSS TC was chartered.
What IBM, Microsoft,Verisign, RSA Security, BEA Systems and SAP have
done this week is to deliver drafts of some of the other
specifications described in the roadmap. As you recall the WSS-TC did
not want to assume the responsibility of the roadmap, and at our
first F2F in September the charter was clarified after a lot of
discussion to make it clear what the scope of the TC was. The roadmap
itself was not submitted to the TC in any formal way.
So while I agree the article you pointed us all to is poorly worded,
the WSS-TC has not undertaken any new specifications in your absence
or anything like that and the charter has not been changed. I spoke
to some of the people who participated in the announcement of these
new specs and they told me that it was made very clear that these
were new specs being delivered as part of filling out the roadmap.
Unfortunately this particular journalist seems to have used some
incorrect words and confused WS-Security with the overall roadmap. I
have seen other articles this week that do focus on the roadmap more
accurately.
Also, some of the other press articles I have seen do go on to say
that the authors of the new specifications intend to take the
specifications to a standards body which is accurate coverage. As of
today, the new specifications are published to the respective
author's web sites to allow people to comment on them.
I hope this clears things up a bit, and likewise best wishes for a
safe and happy holiday period to you and all of our TC members.
Cheers
Kelvin
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC