I have changed my mind about WSPL being in scope

["Hal Lockhart" <hlockhar@bea.com>]

I am writing to say publicly that I believe I was in error previously in
thinking that WSPL  falls with in the scope defined by the XACML TC charter.
I have not changed my opinion that it is a useful piece of work, just that I
do not believe under OASIS TC Process rules that we can progress the
document any further in its present form.  I have come to this conclusion
not from any consideration of the quality of the document or any external
considerations, but purely from a consideration of the relevant documents. I
apologise to everyone for the fact that I did not give this matter
sufficient attention, when the work was first proposed.

Until a couple of days ago, I had taken the somewhat simple minded view that
since XACML was in scope and WSPL was an XACML Profile, therefore the work
was in scope. Then I did what I should have done some time ago -- I
carefully read the Charter, TC Process and WSPL sections on scope. Here is
what I found.

The TC charter says:

The XACML Technical Committee will define a core XML schema for representing
authorization and entitlement policies, also called XACML.

[...]

The XACML Technical Committee will identify bindings to existing protocols
(e.g., XPath, LDAP), and define new protocols, if necessary, as means of
accessing and communicating the policies.

-----------

Section 1.4 of the WSPL document makes it clear that the scope of the policy
covered by WSPL is much broader than this, encompassing:

"[...] reliable messaging, privacy, authorization, trust, authentication and
cryptographic security."

------

The OASIS TC Process says:

"The TC may clarify its charter only for the purpose of removing ambiguity
or for narrowing the scope of the topic defined by the charter. The TC may
not broaden or otherwise change its scope of the topic of work. The list of
deliverables may be expanded if the new deliverables are within the scope of
the topic; work on a further version of a specification after completion of
the original deliverable requires a clarification of the charter."

-----

I do not see how any reasonable interpretation of "authorization and
entitlement policies" can be stretched to include "reliable messaging,
privacy, [...] trust." Clearly "authorization" is ok. "Authentication and
cryptographic security" might be considered to be more of a gray area.
Therefore I am forced to reluctantly conclude that the WSPL document in its
current form, appears to go beyond the scope defined in the charter of the
TC.

I recognize that others may not agree with my analysis. I know that some
people have proposed we hold an email vote on accepting this as a Committee
Draft. I will not oppose such a vote if it is the wish of the authors and
the TC. In any event I hope we can find an amicable approach to this issue
which is consistent with the OASIS TC Process.

-----

On a related issue, Tony has suggested that there may be IPR issues related
to this specification. I have carefully reviewed the relevant areas of the
TC process and the OASIS IPR Policy and I am confident we are in full
compliance with both of them in respect to any IPR related to this document.
I will take this opportunity to remind everyone that all OASIS members have
an affirmative duty to report any IPR claims that they are aware of with
respect to this work or any other work of the committee.

Again I apologise to the TC for my error and my tardiness in discovering it.

Hal