[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: I have changed my mind about WSPL being in scope
I am writing to say publicly that I believe I was in error previously in thinking that WSPL falls with in the scope defined by the XACML TC charter. I have not changed my opinion that it is a useful piece of work, just that I do not believe under OASIS TC Process rules that we can progress the document any further in its present form. I have come to this conclusion not from any consideration of the quality of the document or any external considerations, but purely from a consideration of the relevant documents. I apologise to everyone for the fact that I did not give this matter sufficient attention, when the work was first proposed. Until a couple of days ago, I had taken the somewhat simple minded view that since XACML was in scope and WSPL was an XACML Profile, therefore the work was in scope. Then I did what I should have done some time ago -- I carefully read the Charter, TC Process and WSPL sections on scope. Here is what I found. The TC charter says: The XACML Technical Committee will define a core XML schema for representing authorization and entitlement policies, also called XACML. [...] The XACML Technical Committee will identify bindings to existing protocols (e.g., XPath, LDAP), and define new protocols, if necessary, as means of accessing and communicating the policies. ----------- Section 1.4 of the WSPL document makes it clear that the scope of the policy covered by WSPL is much broader than this, encompassing: "[...] reliable messaging, privacy, authorization, trust, authentication and cryptographic security." ------ The OASIS TC Process says: "The TC may clarify its charter only for the purpose of removing ambiguity or for narrowing the scope of the topic defined by the charter. The TC may not broaden or otherwise change its scope of the topic of work. The list of deliverables may be expanded if the new deliverables are within the scope of the topic; work on a further version of a specification after completion of the original deliverable requires a clarification of the charter." ----- I do not see how any reasonable interpretation of "authorization and entitlement policies" can be stretched to include "reliable messaging, privacy, [...] trust." Clearly "authorization" is ok. "Authentication and cryptographic security" might be considered to be more of a gray area. Therefore I am forced to reluctantly conclude that the WSPL document in its current form, appears to go beyond the scope defined in the charter of the TC. I recognize that others may not agree with my analysis. I know that some people have proposed we hold an email vote on accepting this as a Committee Draft. I will not oppose such a vote if it is the wish of the authors and the TC. In any event I hope we can find an amicable approach to this issue which is consistent with the OASIS TC Process. ----- On a related issue, Tony has suggested that there may be IPR issues related to this specification. I have carefully reviewed the relevant areas of the TC process and the OASIS IPR Policy and I am confident we are in full compliance with both of them in respect to any IPR related to this document. I will take this opportunity to remind everyone that all OASIS members have an affirmative duty to report any IPR claims that they are aware of with respect to this work or any other work of the committee. Again I apologise to the TC for my error and my tardiness in discovering it. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]