[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] OTP and the "charter" discussion.
>The TC has on a number of occasions added work items WITHOUT doing anything to the charter. Exactly what items have we added? /paulc ________________________________ From: Philpott, Robert [mailto:firstname.lastname@example.org] Sent: Thu 29/09/2005 13:41 To: Paul Cotton; Frederick Hirsch Cc: Kelvin Lawrence; email@example.com Subject: RE: [wss] OTP and the "charter" discussion. Paul - did you READ my message? The TC has on a number of occasions added work items WITHOUT doing anything to the charter. This item is really no different. Rob Philpott Senior Consulting Engineer RSA Security Inc. Tel: 781-515-7115 Mobile: 617-510-0893 Fax: 781-515-7020 Email: firstname.lastname@example.org I-name: =Rob.Philpott > -----Original Message----- > From: Paul Cotton [mailto:Paul.Cotton@microsoft.com] > Sent: Thursday, September 29, 2005 1:19 PM > To: Frederick Hirsch; Philpott, Robert > Cc: Kelvin Lawrence; email@example.com > Subject: RE: [wss] OTP and the "charter" discussion. > > > It seems reasonable to complete WSS profiles in the WSS TC which has > the expertise related to WSS. > > Since this work is not in our charter are you proposing we amend our > charter? > > /paulc > > Paul Cotton, Microsoft Canada > 17 Eleanor Drive, Nepean, Ontario K2E 6A3 > Tel: (613) 225-5445 Fax: (425) 936-7329 > mailto:Paul.Cotton@microsoft.com > > > > > > > -----Original Message----- > > From: Frederick Hirsch [mailto:firstname.lastname@example.org] > > Sent: September 29, 2005 12:59 PM > > To: ext Philpott, Robert > > Cc: Frederick Hirsch; Kelvin Lawrence; email@example.com > > Subject: Re: [wss] OTP and the "charter" discussion. > > > > +1 regarding Rob's comments on scope. > > > > It seems reasonable to complete WSS profiles in the WSS TC which has > > the expertise related to WSS. Attempting to produce profiles once the > > TC is no longer in existence would be much more difficult and, as has > > been noted on the list, the status > > of such profiles would be less clear that those produced by WSS. > > > > This appears to be an important area of work related to web services > > security. > > > > Do we have any idea how long it might take to produce an OTP profile? > > A few months? > > > > regards, Frederick > > > > Frederick Hirsch > > Nokia > > > > > > On Sep 20, 2005, at 1:14 PM, ext Philpott, Robert wrote: > > > > > Okay - I'll start > > > > > > > > > > > > First, IMO, the claim that the proposal for the TC to take up a > > > work item on an additional token profile is out of scope of the > > > charter is wrong. > > > > > > > > > > > > Before responding, I STRONGLY recommend that people go back and > > > read the following carefully: > > > > > > a) the current TC charter (http://www.oasis-open.org/ > > > committees/wss/charter.php) > > > > > > b) the OASIS TC process (http://www.oasis-open.org/committees/ > > > process.php) > > > > > > > > > > > > Here is the paragraph in the WSS charter that explicitly defines > > > the SCOPE of the TC: > > > > > > ------------------------------------------ > > > > > > The scope of the Web Services Security Technical Committee is the > > > support of security mechanisms in the following areas: > > > > > > Using XML signature to provide SOAP message integrity for Web > services > > > Using XML encryption to provide SOAP message confidentiality for > > > Web services > > > Attaching and/or referencing security tokens in headers of SOAP > > > messages > > > Carrying security information for potentially multiple, designated > > > actors > > > Associating signatures with security tokens > > > ------------------------------------------ > > > > > > So when we talk about something being IN or OUT of scope, THIS is > > > the definition that applies to our TC. > > > > > > > > > > > > Now, I believe this scope can only be read two ways. Since this > > > scope says nothing about the TC producing ANY token profiles, we > > > can either define any number of token profiles that support the > > > bullets defined in the scope, or we've already violated the scope > > > of the charter in producing the various token profiles we've > > > already built. > > > > > > > > > > > > The charter then lists an **initial** set of deliverables that > > > lists as: > > > > > > The "core"specification (final name TBD) > > > A SAML profile > > > An XrML profile > > > A Kerberos profile > > > An X.509 profile > > > That list did not EXPLICITLY include a Username/Password Token > > > Profile, a REL Token Profile, or a SwA Token Profile, which the TC > > > produced. Sure, the Username/Password Token was in the original > > > "core" submission, but it wasn't a deliverable. Support for > > > attachments was tangentially mentioned in an input document, but it > > > wasn't a deliverable. The REL Profile is NOT the same as an XrML > > > Token Profile. > > > > > > > > > > > > And I'd like to call attention to XCBF. Do folks remember this > > > work item we took up at one point? The minutes from the Dec-2002 > > > Baltimore F2F discuss it, but Kelvin summarized in a follow-up > > > email ([wss] XCBF profile). At that time, ""3. It was agreed that > > > this was another profile that should be worked on". > > > > > > > > > > > > Work was done on this profile for about a year IIRC. The point is > > > that the TC decided it was appropriate to work on it and it was > > > started. I believe the same may have been true about the proposal > > > for the "minimalist" profile. I didn't hear anyone yelling about > > > that one being out of scope at the time. It was dropped not > > > because of a scope issue, but because of a prioritization issue/ > > > lack of interest. > > > > > > > > > > > > So the argument that taking up an OTP Token profile is out of scope > > > is, IMO, way off base. > > > > > > > > > > > > Rob Philpott > > > Senior Consulting Engineer > > > RSA Security Inc. > > > Tel: 781-515-7115 > > > Mobile: 617-510-0893 > > > Fax: 781-515-7020 > > > Email: firstname.lastname@example.org > > > I-name: =Rob.Philpott > > > > > > From: Kelvin Lawrence [mailto:email@example.com] > > > Sent: Tuesday, September 20, 2005 12:20 PM > > > To: firstname.lastname@example.org > > > Subject: [wss] OTP Discussion > > > > > > > > > > > > > > > We need to find a way to close on the OTP Profile proposal. We have > > > not had much list traffic on this in the past several weeks but > > > today on the call there were clearly several very strong opinions > > > raised. I apologise that we ran out of time today. At the end of > > > the call we tried to start an e-Vote on the proposal as posted but > > > there were objections to that e-Vote also. Therefore, we really > > > need to discuss this here on the list in the next few days so that > > > we can get a decision for the folks that have introduced the > > > proposal no later than the next call. Please would people use this > > > e-mail to start that discussion. Please raise any objections you > > > have here or likewise express support here. This list is not in > > > anyway a binding vote but at least we can get the discussion > > > moving. It's hard to close tings like this when there is no list > > > traffic prior to the calls. At the next meeting we need to have a > > > vote to resolve this proposal one way or the other. Please come to > > > the next meeting prepared to vote. Also, if people have proposed > > > wording for the vote (there was a lot of discussion around that > > > today also) please post it and debate it here. It would be nice if > > > we could have a draft of the text for a motion ready before the > > > next call as a result of e-mail discussions here. Thanks. > > > > > > Cheers > > > Kelvin > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe from this mail list, you must leave the OASIS TC that > > generates this mail. You may a link to this group and all your TCs in > > OASIS > > at: > > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php