Subject: Summary of Discussion about Submitting XACML (and SAML) to the ITU
On Thursday, September 9, there was a concall with Karl Best and Jamie Clark of the OASIS staff and Rob Philpott, representing SAML, and me, representing XACML. The following information was provided by Karl and Jamie.

OASIS has an agreement with the ITU (formerly the CCITT) to submit work to them for standardization. The work would simply be handed over as is and the ITU would essentially rubberstamp it. They would not propose to modify it or update it in any way. OASIS would retain exclusive rights to make updates or changes and create new versions. Only if OASIS chose to relinquish that right at some future date would the ITU have the option of working on the spec. There is also an understanding to the effect that once one version of a spec has been endorsed by the ITU, subsequent versions will get the same treatment more or less automatically.

The ITU has expressed particular interest in standards relating to security, which is why SAML and XACML are under discussion. Apparently the ITU will consider anything OASIS chooses to submit. However, OASIS's policy is only to submit specs which have "gone all the way through the OASIS process", i.e. OASIS Standards.

Since OASIS and ITU have never done this before, the exact details are unclear at this time. However, Karl believes that this will mostly be done by the OASIS staff, with some help from the TC. It is not expected to involve significant new work.

Actually, since OASIS "owns" specs which become OASIS Standards, they do not technically have to get the approval of the TC, only the OASIS Board. However, they would like to know if there are any objections and they would most likely follow any recommendations the TC cares to make. OASIS would like feedback from the TC by roughly the end of September if possible.

As I see it, there are two major points:

1. Does anyone in the TC have any objections to OASIS doing this? Short of objections, are there any questions or concerns that should be raised?

If no one has any problem with this, I propose we pass a resolution to that effect at our next regular meeting on September 18th.

2. The second question is more vexed. What version of XACML should be submitted? OASIS will most likely do whatever the TC recommends here. As I see it we have three choices.

a) Submit 1.0. It is complete and approved. Presumably the ITU can fold in the errata in some way. This would make the approval of 2.0 a done deal. On the other hand, 1.0 is already obsoleted by 1.1.

b) Take another look at submitting 1.1 as an OASIS standard. Part of the reason for not submitting 1.1 was that there was no strong reason to do so. Perhaps this is the reason. I am pretty sure with a little effort we could come up with the necessary attestations, assuming the same criteria as for 1.0. We could do the public review and submission in parallel with the 2.0 work. I don't expect a lot of comments. The new 20% rule is an issue, but Karl says this is likely to be reversed soon and in any event we will have to face it for 2.0.

c) Wait until we finish 2.0. The pros and cons of this are fairly obvious.

Again, I would like to get everybody's opinion with the objective of voting on some recommendation on Sept 18th. My opinion on this is still evolving, so I want to listen to what others have to say.

Hal