[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] WSS OTP-Token subcommittee proposal
Paul: Actually, your statement is not quite correct. TC's are bound by their charter and no *single* member may arbitrarily introduce work items that increase a charter's scope. A TC must also not arbitrarily expand its' charter without going through a lengthy process as defined by the OASIS Policies and Procedures. There is a process for the TC to expand or clarify its charter but that must be done in accordance with the procedures. I do agree that the proposed item is out of scope given the current charter of the TC and do not favor adding more work. Duane -----Original Message----- From: Paul Cotton [mailto:Paul.Cotton@microsoft.com] Sent: Tuesday, September 20, 2005 8:28 AM To: Granqvist, Hans; Linn, John Cc: wss@lists.oasis-open.org Subject: RE: [wss] WSS OTP-Token subcommittee proposal > This profile would be functionally comparable to other profiles defined > within the WSS TC, so we believe it is appropriate to standardize > within the same forum. I disagree. You cannot just add something to the work list of an OASIS TC. Each TC has a charter that governs its work and a TC is not permitted to change its charter. I do not believe that this proposed work is within the scope of the current OASIS TC charter [1]. The charter explicitly states: "The TC has the following initial set of deliverables. - The "core" specification (final name TBD) - A SAML profile - An XrML profile - A Kerberos profile - An X.509 profile" There is no mention of an OTP profile in this list and an OTP profile was not in the contributed "core" specification. In addition there is no other mention of other token profiles being in scope in the TC's charter. Thus I believe the OTP proposed work is Out of Scope and cannot be added to the WSS TC's work list. In addition I believe the WSS TC should concentrate its resources on completing its work on WSS 1.1 and must not be distracted with other Out of Scope work. If this matter comes to a vote I will vote against adopting this new work. /paulc [1] http://www.oasis-open.org/committees/wss/charter.php Paul Cotton, Microsoft Canada 17 Eleanor Drive, Nepean, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com > -----Original Message----- > From: Granqvist, Hans [mailto:hgranqvist@verisign.com] > Sent: August 22, 2005 7:53 PM > To: wss@lists.oasis-open.org; Linn, John > Subject: [wss] WSS OTP-Token subcommittee proposal > > (This is a follow up to the issue I brought up August 9 > regarding a WSS One-Time Password token profile sub > committee, see minutes of call under "5. Other business" > --Hans) > > > Proposal > ======== > RSA Security and VeriSign would like to propose a new work > item for the WSS TC, defining a WSS profile for use of One- > Time Password (OTP) authentication. The intended goal is > to accommodate a broad range of OTP technologies within the > WSS framework. While IPR claims may apply to underlying OTP > methods that the profile may support, the proposers intend > that the constructions to be defined in the profile itself > be unencumbered. > > This profile would be functionally comparable to other > profiles defined within the WSS TC, so we believe it is > appropriate to standardize within the same forum. We > propose that this work item be pursued in a new OTP Token > Profile subcommittee within the WSS TC, as this should > facilitate effective discussion of OTP-related aspects that > may have limited interest for some TC members. The profile > specification(s) would be the subcommittee's deliverable to > the TC. A chair or co-chairs would be selected if and as the > subcommittee is formed. > > We anticipate that existing and related work will be > available as input for this task. The One-Time Password > Specifications (OTPS, http://www.rsasecurity.com/rsalabs/otps) > initiative, coordinated by RSA Security, has produced several > drafts of an OTP-WSS-Token specification which have evolved > in response to public review and comment. Following further > refinement within the OTPS process, RSA Security proposes to > submit a subsequent version of this document as input to the > WSS TC. > > VeriSign, in conjunction with the Open Authentication > initiative (OATH, http://www.openauthentication.org) is also > producing work related to an OTP token profile. We anticipate > that versions of these input documents will be ready for OASIS > submission by or during October 2005. We propose that the > results of these efforts, along with any other inputs which may > be received through the OASIS process, be harmonized under WSS > TC auspices. > > > John Linn, RSA Security > Hans Granqvist, VeriSign > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]