RE: D-AG0016 - Technology Gaps

Re-usability of common, agreed-upon, XML schema pertaining to required 
SOAP messaging characteristics should definitely be a goal.
 
>For example, SAML has a browser-binding for browser single sign-on.  My guess
>is that this is not something that we would want in ws-sec 1.0.  Further, SAML has
>a variety of queries, like attributes, authentications, authorizations.  Which of these
>are needed for ws-sec 1.0?
>
>That covers the modularity issue.  Now what about specific features deficits?  Say the
>WSAWG has a specific recommendation on a change/fix/enhancement that would
>be necessary for recommendation.  We would clearly need to liaise with them on
>these issues.  An example feature that SAML doesn't cover is performing credential
>transmission, and that seems needed for web services security.
 
I also agree that w.r.t. SAML security components/primitives there are
opportunities to limit and enhance/fix some areas. I'd like to see that we
undertake such tasks with specific, agreed-upon, web services security use cases.
 
Additionally, we need to determine a process where such enhancements in 
specific areas are coordinated with required TCs/WGs in (W3C/OASIS). Use case
based approach of driving these changes with required specification groups 
will be an effective way.
 
 
Zahid Ahmed 
Commerce Security Architect 
Commerce One, Inc.
408-517-3903
 
-----Original Message-----
From: David Orchard [mailto:david.orchard@bea.com]
Sent: Thursday, March 14, 2002 8:38 AM
To: 'Vinoski, Stephen'; 'Anne Thomas Manes'
Cc: www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps


This is clearly off the topic of technology gaps, but a very important issue
for us to discuss.  Perhaps the subject line should be "recommending
specifications process".  I agree that we don't want to replicate existing
work.  However, the W3C has NEVER rubber stamped outside works.   Companies
that weren't involved in the specification writing tend to voice concern on
AC forum when it comes time for voting on charters.  
 
We didn't do it with SOAP 1.1 or WSDL 1.1, why would this suddenly change?
I point out that WSDL had almost 30 cosubmitters and has at least 7
commercial implementations that were at the latest SOAP builders interop.  
 
Now let's look at the SAML example.  I speak from some experience as I was
active in the effort.  SAML is probably one of the better candidates for
some kind of recommendation by the wsa.  SAML covers a number of areas, some
of which are interesting to XML based Web Services and some which aren't.
For example, SAML has a browser-binding for browser single sign-on.  My
guess is that this is not something that we would want in ws-sec 1.0.
Further, SAML has a variety of queries, like attributes, authentications,
authorizations.  Which of these are needed for ws-sec 1.0?  
 
That covers the modularity issue.  Now what about specific features
deficits?  Say the WSAWG has a specific recommendation on a
change/fix/enhancement that would be necessary for recommendation.  We would
clearly need to liaise with them on these issues.  An example feature that
SAML doesn't cover is performing credential transmission, and that seems
needed for web services security.    
 
My point is really that I doubt that simply recommending another spec will
be sufficient.  I'm becoming convinced we will have to charter a particular
set of people, either through a new working group or a liaison effort, to
accomplish the delivery of something that is reasonable for our specific
needs.  I'd like to be wrong on this one BTW.
 
I also want to re-emphasize that I totally believe that we should not
re-invent the wheel and we should re-use "where appropriate".
<curmudgeon>But I have repeatedly found in the past that re-use is rarely a
simple matter, and often takes more time than one expects.  </curmudgeon>
 
Cheers,
Dave

-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
Behalf Of Vinoski, Stephen
Sent: Wednesday, March 13, 2002 8:24 AM
To: Anne Thomas Manes
Cc: www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps


I fully agree with Anne on this.
 
--steve

-----Original Message-----
From: Anne Thomas Manes [mailto:anne@manes.net]
Sent: Wednesday, March 13, 2002 9:22 AM
To: www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps


I don't think we can limit ourselves to W3C technologies. We should also
reference other standard specifications.
 
Let's look at a real example: SAML.
 
It's an OASIS standard. I don't think that we want to replicate this work.
We should reference this work. When you want to pass security assertions,
you should use SAML to represent them. What we (a W3C ws-sec WG) will have
to do is specify a SOAP extension that specifies how these assertions should
be carried in a SOAP message.
 
Regards,
Anne

-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
Behalf Of Yin Leng Husband
Sent: Wednesday, March 13, 2002 6:46 AM
To: Austin, Daniel; 'Damodaran, Suresh'; 'David Orchard'; www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps



I have tried to capture the points raised below, into a previous proposal,
in the following 

"identify architectural and technology gaps that prevent interoperability;
identify existing W3C technologies that support interoperability;
and recommend formation of working groups to formulate new,
or to standardize existing, specifications or technologies for
filling the gaps".

 

Comments?

 

Regards, 
Yin Leng 


  

-----Original Message-----
From: Austin, Daniel [mailto:Austin.D@ic.grainger.com] 
Sent: Wednesday, 13 March 2002 8:47 AM
To: 'Damodaran, Suresh'; 'David Orchard'; www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps

 

Hi All,

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Tuesday, March 12, 2002 12:55 PM
To: 'David Orchard'; www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps

David,

 

Interesting you say that "if we find an existing spec that fits our bill,
we're going to have to charter up a WG to deal with it" 

Is this the way W3C has always done business?
[Austin, Daniel] 

 

I think W3C has tried to minimize the number of new standards under
discussion at any one time. There is only so much bandwidth and resources
available.

 

While I am inclined to think we can/should keep this option open, I can
think of other approaches as well.

- working jointly with another standards organization (e.g., IETF)

- creating liaisons with other standards committees and organizations (I
don't know of any example from W3C off hand, somebody in the list may) so
that the other standards organization would coordinate their work with W3C
[Austin, Daniel] 

 

Examples would be the W3C-WAP Forum co-ordination group and the Voice
Browser-VXML Forum co-ordination group.

 

as for conformance, etc.
[Austin, Daniel] 

 

We should define what conformance means and let other groups e.g. WS-I
develop the testing technology and do the verification.  

 

I tried to create a sentence that captures all this as a goal statement, but
I couldn't (apologies)

 

Cheers,

-Suresh 

 

 

-----Original Message-----
From: David Orchard [mailto:david.orchard@bea.com]
Sent: Monday, March 11, 2002 3:59 PM
To: www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps

I was wondering how this would come up...

 

What does it mean for the WG to recommend existing standards?  Would a W3C
Note (which isn't a standard) count?  

 

What if some tweaking of the spec is required for standardization, say
converting soap-sec into ws-sec and changing the namespace name?  Is the WSA
group going to do the nuts and bolts dirty work on re-using existing stuff -
like writing conformance test suites, publication schedules, conversion to
xmlspec dtd etc.?  There's a fair bit of work just doing errata.  I would
think we don't want to burden the WSA with this.  

 

I think that even if we find an existing spec that fits our bill, we're
going to have to charter up a WG to deal with it.  

 

How about "Identify architectural and technology gaps that prevent
interoperability to formulate standards-based remedies;  formation of new
working groups to standardize new or existing specifications or
technologies." ?

 

Cheers,

Dave

 

-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On
Behalf Of Yin Leng Husband
Sent: Thursday, March 07, 2002 6:08 PM
To: Prasad Yendluri; Yin Leng Husband
Cc: www-ws-arch@w3.org
Subject: RE: D-AG0016 - Technology Gaps

This is a good point.  In fact, the charter says

"The Working Group should also identify what existing W3C technologies
already address functions required by the architecture identified."

I wanted to avoid a discussion over *whose* existing standards and
technologies at this point of high-level requirements identification.
Therefore I took the path that in order to identify gaps, existing
technologies would be flushed out during the process.

 

Regards, 
Yin Leng 

  
  

-----Original Message-----
From: Prasad Yendluri [mailto:pyendluri@webmethods.com] 
Sent: Friday, 8 March 2002 11:33 AM
To: Yin Leng Husband
Cc: www-ws-arch@w3.org
Subject: Re: D-AG0016 - Technology Gaps

This is a good point. However I think we should recommend existing standards
wherever available to avoid re-inventing. How about something on the lines: 

"Identify architectural and technology gaps that prevent interoperability to
formulate standards-based remedies;  recommending existing standards and
technologies where available and formation of new working groups where none
available." 

Regards, Prasad 

-------- Original Message -------- 
Subject: D-AG0016 - Technology Gaps
Resent-Date: Thu, 7 Mar 2002 20:14:38 -0500 (EST)
Resent-From: www-ws-arch@w3.org
Date: Fri, 8 Mar 2002 11:22:11 +1000
From: Yin Leng Husband <Yin-Leng.Husband@compaq.com>
To: www-ws-arch@w3.org

 I've taken an action item to drive DAG0016- Technology Gaps requirement
discussion. 
  The current proposed wording is 
 "DAG0016 
 [The Working Group will also act to] identify current gaps in architectural
interoperability and recommend standards-based remedies". 

  As this architecture group is clearly chartered not to design the gap
technologies itself, I would like to suggest changing to "identify
architectural and technology gaps that prevent interoperability; and
recommend formation of new working groups to formulate standards-based
remedies". 

  

Yin Leng


  

Received on Thursday, 14 March 2002 20:10:50 UTC