[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: OTP and the "charter" discussion.
Okay – I’ll start First, IMO, the claim that the proposal
for the TC to take up a work item on an additional token profile is out of
scope of the charter is wrong. Before responding, I STRONGLY recommend
that people go back and read the following carefully: a) the current TC charter (http://www.oasis-open.org/committees/wss/charter.php) b) the OASIS TC process (http://www.oasis-open.org/committees/process.php) Here is the paragraph in the WSS charter that
explicitly defines the SCOPE of the TC: ------------------------------------------ The scope
of the Web Services Security Technical Committee is the support of security
mechanisms in the following areas:
------------------------------------------ So when we talk about something being IN
or OUT of scope, THIS is the definition that applies to our TC. Now, I believe this scope can only be read
two ways. Since this scope says nothing about the TC producing ANY token
profiles, we can either define any number of token profiles that support the
bullets defined in the scope, or we’ve already violated the scope of the
charter in producing the various token profiles we’ve already built.
The charter then lists an **initial** set
of deliverables that lists as:
That list did not EXPLICITLY include
a Username/Password Token Profile, a REL Token Profile, or a SwA Token Profile,
which the TC produced. Sure, the Username/Password Token was in the
original “core” submission, but it wasn’t a
deliverable. Support for attachments was tangentially mentioned in an
input document, but it wasn’t a deliverable. The REL Profile is NOT
the same as an XrML Token Profile. And I’d like to call attention to
XCBF. Do folks remember this work item we took up at one point? The
minutes from the Dec-2002 Baltimore F2F discuss it, but Kelvin summarized in a
follow-up email ([wss] XCBF profile). At that time, “”3. It was
agreed that this was another profile that should be worked on”. Work was done on this profile for about a
year IIRC. The point is that the TC decided it was appropriate to work on
it and it was started. I believe the same may have been true about the
proposal for the “minimalist” profile. I didn’t hear anyone
yelling about that one being out of scope at the time. It was dropped not
because of a scope issue, but because of a prioritization issue/lack of
interest. So the argument that taking up an OTP
Token profile is out of scope is, IMO, way off base. Rob Philpott From: Kelvin Lawrence
[mailto:klawrenc@us.ibm.com]
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]