[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OTP and the "charter" discussion.
Okay – I’ll start
First, IMO, the claim that the proposal for the TC to take up a work item on an additional token profile is out of scope of the charter is wrong.
Before responding, I STRONGLY recommend that people go back and read the following carefully:
a) the current TC charter (http://www.oasis-open.org/committees/wss/charter.php)
b) the OASIS TC process (http://www.oasis-open.org/committees/process.php)
Here is the paragraph in the WSS charter that explicitly defines the SCOPE of the TC:
The scope of the Web Services Security Technical Committee is the support of security mechanisms in the following areas:
So when we talk about something being IN or OUT of scope, THIS is the definition that applies to our TC.
Now, I believe this scope can only be read two ways. Since this scope says nothing about the TC producing ANY token profiles, we can either define any number of token profiles that support the bullets defined in the scope, or we’ve already violated the scope of the charter in producing the various token profiles we’ve already built.
The charter then lists an **initial** set of deliverables that lists as:
That list did not EXPLICITLY include a Username/Password Token Profile, a REL Token Profile, or a SwA Token Profile, which the TC produced. Sure, the Username/Password Token was in the original “core” submission, but it wasn’t a deliverable. Support for attachments was tangentially mentioned in an input document, but it wasn’t a deliverable. The REL Profile is NOT the same as an XrML Token Profile.
And I’d like to call attention to XCBF. Do folks remember this work item we took up at one point? The minutes from the Dec-2002 Baltimore F2F discuss it, but Kelvin summarized in a follow-up email ([wss] XCBF profile). At that time, “”3. It was agreed that this was another profile that should be worked on”.
Work was done on this profile for about a year IIRC. The point is that the TC decided it was appropriate to work on it and it was started. I believe the same may have been true about the proposal for the “minimalist” profile. I didn’t hear anyone yelling about that one being out of scope at the time. It was dropped not because of a scope issue, but because of a prioritization issue/lack of interest.
So the argument that taking up an OTP Token profile is out of scope is, IMO, way off base.