RE: Requirements & F2F minutes update

In regards to the 2nd point, I think we need advice from Joseph

My understanding is that a W3C spec process is that you can't include
dependencies on anything less advanced.  So, I believe the XKMS WG could
wrap up our work and go to CR status so long as SOAP 1.2 is also at CR
status.  Then SOAP 1.2 and XKSM need to be recommendations to be
considered standards, which is when we know the spec is no longer
subject to change and folks can implement with confidence.

I'm fine with "SHOULD provide a SOAP 1.1 binding ...".

Blair

-----Original Message-----
From: Yassir Elley [mailto:yassir.elley@sun.com] 
Sent: Thursday, May 09, 2002 7:50 AM
To: Blair Dillaway
Cc: Frederick Hirsch; www-xkms@w3.org
Subject: Re: Requirements & F2F minutes update


Blair,

Comments below:

Blair Dillaway wrote:

> Yassir,
>
> I detect an agreement in principal here, just some wording issues.  I 
> concerned about us mandating an implementation for something that 
> isn't yet a standard.  We could argue ourselves into a position where 
> we're blocked pending XML-P making progress.

Yes, I agree it is just a matter of fine-tuning the wording.

>
>
> I'm Ok with language along the lines you suggest.  How about the
> following:
>
> a) The specification MUST provide a binding to SOAP 1.2, provided that

> specification has reached CR status prior to the XKMS WG completing 
> its work, and provide a binding to SOAP 1.1 (for interoperability 
> purposes).
>
> b) XKMS services MUST implement SOAP 1.2 once that specification has 
> achieved Recommendation status (Joseph - is this the correct W3C 
> wording

> to indicate an approved standard?)

Two questions for clarification:

1) Why are you distinguishing between CR (Candidate Recommendation) in
(a) and Recommendation in (b)? Was this on purpose? I would think we
would want CR in both (a) and (b), but I am not that familiar with W3C
process (Joseph?).

2) With regard to (a), what is your proposed qualifier before "...
provide a binding to SOAP 1.1". (MUST/SHOULD/MAY)?

I think we are almost there.

-Yassir.


>
> -----Original Message-----
> From: Yassir.Elley@sun.com [mailto:Yassir.Elley@sun.com]
> Sent: Wednesday, May 08, 2002 9:38 AM
> To: Frederick Hirsch
> Cc: www-xkms@w3.org
> Subject: Re: Requirements & F2F minutes update
>
> Firstly, for the sake of clarity, my understanding is that SOAP 1.1 
> was submitted to the XML Protocol WG, which is working on SOAP 1.2. 
> Therefore, the term "XML Protocol" is interchangeable with "SOAP 1.2".

> It is not interchangeable with the term "SOAP 1.1". Therefore, phrases

> like "XML Protocol, including both SOAP 1.1 and 1.2" and "XML Protocol

> as defined in SOAP
> 1.1" don't really make sense because XML Protocol does not include
SOAP
> 1.1 nor is it defined in SOAP 1.1. If my understanding is incorrect,
> please correct me.
>
> Secondly, I believe neither the current wording in the requirements 
> document nor the proposed wording below reflect the consensus achieved

> at the F2F meeting. Specifically, we don't want to say "Every XKMS 
> service MUST implement SOAP 1.1", since it is potentially encumbered. 
> I am fairly flexibly on the rest of the wording.
>
> According to the minutes:
> "Resolution: Target 1.2 for normative purposes. Add requirement in the

> bindings section: Services must implement SOAP 1.2, and may have other

> bindings. E.g., constrained devices, etc. May also provide 1.1 interop

> or profiling (different namespaces, etc)."
>
> Because of the potential IPR issues with SOAP 1.1, and because the 
> XKMS WG is chartered as Royalty Free, we had decided that we would 
> make SOAP 1.2 mandatory to implement and would not require 
> implementation of SOAP 1.1 at all. We had also decided that, for the 
> sake of interoperability, we would specify a SOAP 1.1 binding, but 
> would not require implementation of it.
>
> With regard to the schedule issues, I believe it was mentioned at the 
> meeting that SOAP 1.2 is nearing Last Call. Since the XKMS spec is not

> nearing Last Call, it is probably safe to say "every XKMS service MUST

> implement SOAP 1.2." Clearly, that is our intent, modulo scheduling 
> issues. With regard to "revisiting the question of whether 
> implementors must support SOAP 1.2 should that specification reach CR 
> status prior to the XKMS WG completing our work," I'm not sure how 
> that works with respect to a Requirements Document that uses the word 
> MUST. In other words, if our Requirements Document states that "Every 
> XKMS service MUST implement SOAP 1.1" and that Requirements Document 
> progresses to CR, can we later decide to
> ignore that requirement in the spec? Can we still claim conformance
with
> the Requirements? One way around this may be to use "SHOULD" or "MAY"
> instead of "MUST".
>
> Revised proposed wording (taken basically from the minutes):
>
> a) The specification MUST provide a binding to SOAP 1.2 and
> (MAY/SHOULD?)
> provide a binding to SOAP 1.1 (for interoperability purposes).
>
> b) Every XKMS service MUST implement SOAP 1.2 when standardized.
>
> If this wording is not acceptable to anyone, please propose alternate 
> wording. As I said, I'm pretty flexible on the wording with the 
> exception of "Every XKMS service MUST implement SOAP 1.1.", which 
> should not be implied.
>
> Regards,
> Yassir.
>
> >is this the idea:
> >
> >a. The specification MUST provide a binding to XML Protocol, 
> >including both SOAP 1.1 and 1.2.
> >
> >b. Every XKMS service MUST implement XML Protocol as defined in SOAP 
> >1.1 and SHOULD implement SOAP 1.2 when standardised."
> >
> >Blair Dillaway wrote:
> >> I support adding a SOAP 1.2 binding to the spec given that it 
> >> appears
>
> >> to further along in the W3C process than the XKMS spec.  However, 
> >> since the SOAP 1.2 spec has not yet reached last call status, much 
> >> less candidate recommendation status, I believe it is premature to 
> >> include language along the lines of "Every XKMS service MUST 
> >> implement XML Protocol (SOAP 1.2)".
> >>
> >> The only firm specification is SOAP 1.1 and it is the only SOAP 
> >> specification for which there are multiple deployed 
> >> implementations. So, I believe we must continue specifying a SOAP 
> >> 1.1 binding and this
>
> >> binding is the only one we can presently require for implementors.
> >>
> >> I'm open to revisiting the question of whether implementors must 
> >> support SOAP 1.2 should that specification reach CR status prior to

> >> the XKMS WG completing our work.
> >>
> >> Blair
> >>
> >> -----Original Message-----
> >> From: Frederick Hirsch [mailto:hirsch@fjhirsch.com]
> >> Sent: Tuesday, May 07, 2002 4:47 PM
> >> To: Yassir Elley
> >> Cc: Shivaram Mysore; www-xkms@w3.org
> >> Subject: Re: Requirements & F2F minutes update
> >>
> >>
> >> I thought we decided that 1.2 was required but that 1.1 was as well

> >> due to the need to interoperate with existing implementations. I 
> >> heard us
>
> >> say that the impact of requiring both would be minimal.
> >>
> >> If we change the requirements to only require 1.2 shall we also add

> >> the wording that "servers SHOULD also support 1.1"?
> >>
> >> Thanks for the additional comments
> >>
> >> < Frederick
> >>
> >> Frederick Hirsch
> >>
> >> Yassir Elley wrote:
> >>
> >>>Frederick and Mike have done a great job with the Requirements 
> >>>document. Thanks!
> >>>
> >>>I do have a few comments on the May 2002 Draft.
> >>>
> >>>2.1.4
> >>>We agreed at the meeting that the normative reference will be to 
> >>>SOAP 1.2, not SOAP 1.1. Suggested wording: "The specification MUST 
> >>>provide
>
> >>>a binding to XML Protocol (SOAP 1.2) [<link to XML
> >>>Protocol>] [List(Blair Dillaway, Yassir Elley)]. The 
> >>>Protocol>XKMSspecification
> >>
> >>
> >>>Protocol>is required to
> >>>profile XML Protocol for interoperability, including use of 
> >>>document literal including."
> >>>
> >>>2.1.5
> >>>We agreed at the meeting that the normative reference will be to 
> >>>SOAP 1.2, not SOAP 1.1. Suggested wording: "Every XKMS service MUST

> >>>implement XML Protocol (SOAP 1.2)"
> >>>
> >>>2.2.4
> >>>A space is needed between or and payload. Suggested wording: "..., 
> >>>either transport security or payload protection."
> >>>
> >>>2.4.11
> >>>I think the words "Protocol schedule" are missing here. Suggested
> >>>wording: "... XML Protocol bindings may be published as a separate 
> >>>document from the specification to avoid dependencies on the XML 
> >>>Protocol schedule. ..."
> >>>
> >>>2.5.4
> >>>I am not sure the term "PKIX" is relevant here. "X.509" is probably

> >>>adequate. Also, XML DSIG refers to it as X509Certificate, not 
> >>>X509Cert. Suggested wording: "The X509Certificate KeyInfo format 
> >>>MUST
>
> >>>be supported by a trust server if the service claims 
> >>>interoperability
>
> >>>with X.509."
> >>>
> >>>Also, neither X509Chain nor OCSP are defined in the XML Signature 
> >>>spec. Suggested wording: "X509Chain and OCSP MUST be defined in the

> >>>XKMS specifications." and probably remove the following sentence, 
> >>>or change it to "X509CRL is defined in the XML Signature
> recommendation."
> >>>
> >>>3 Out of Scope
> >>>Please add my name as the source for item 18. i.e. add "[List 
> >>>(Yassir Elley)]"
> >>>
> >>>-Yassir.
> >>>
> >>>Shivaram Mysore wrote:
> >>>
> >>>
> >>>
> >>>>All,
> >>>>
> >>>>The Minutes [1] for F2F meeting held on 23 April have been 
> >>>>uploaded on
> >>>
> >>
> >>>>to the site.  Please send in your comments/corrections to the 
> >>>>list. Also please take a look at your AI and send resolutions to 
> >>>>the list.
> >>>>
> >>>>Thanks to Merlin Hughes and Glenn Fink for the excellent notes.
> >>>>
> >>>>Also, the new version of Requirements [2] have been uploaded to 
> >>>>the website. Please send in your comments to the list.  Thanks to 
> >>>>Frederick Hirsch and Mike Just for the excellent work.
> >>>>
> >>>>[1] 
> >>>>http://www.w3.org/2001/XKMS/Minutes/20020423-f2f2-draft-minutes.ht
> >>>>ml
> >>>>[2] http://www.w3.org/2001/XKMS/Drafts/xkms-req.html
> >>>>
> >>>>/Shivaram 
> >>>>__________________________________________________________________
> >>>>__
> __
> >>>>_________
> >>>>Shivaram H. Mysore <shivaram.mysore@sun.com>
> >>>>
> >>>>Software Engineer                               Co-Chair, W3C's
XKMS
> >>>
> >> WG
> >>
> >>>>Java Card Engineering
> >>>
> >> http://www.w3.org/2001/XKMS
> >>
> >>>>JavaSoft, Sun Microsystems Inc.
> >>>>
> >>>>Direct: (408)276-7524
> >>>>Fax:    (408)276-7608
> >>>>
> >>>>http://java.sun.com/people/shivaram  (Internal:
> >>>>http://mysore.sfbay/) 
> >>>>__________________________________________________________________
> >>>>__
> __
> >>>>_________
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> >

Received on Thursday, 9 May 2002 11:36:25 UTC