- From: Ahmed, Zahid <zahid.ahmed@commerceone.com>
- Date: Thu, 14 Mar 2002 17:10:30 -0800
- To: "'David Orchard'" <david.orchard@bea.com>, "'Vinoski, Stephen'" <steve.vinoski@iona.com>, "'Anne Thomas Manes'" <anne@manes.net>
- Cc: www-ws-arch@w3.org
- Message-ID: <C1E0143CD365A445A4417083BF6F42CC02F88FFE@C1plenaexm07.commerceone.com>
Re-usability of common, agree-upon, XML schema pertaining to required SOAP messaging characteristics should definitely be a goal. >For example, SAML has a browser-binding for browser single sign-on. My guess >is that this is not something that we would want in ws-sec 1.0. Further, SAML has >a variety of queries, like attributes, authentications, authorizations. Which of these >are needed for ws-sec 1.0? > >That covers the modularity issue. Now what about specific features deficits? Say the >WSAWG has a specific recommendation on a change/fix/enhancement that would >be necessary for recommendation. We would clearly need to liase with them on >these issues. An example feature tha SAML doesn't cover is performing credential >transmission, and that seems needed for web services security. I also agree that w.r.t. SAML security components/primitives there is oppurturnities to limit and enhance/fix some areas. I like to see that we undertake such tasks with specific, agreed-upon, web services security use cases. Additionally, we need to determine a process where such enhancements in specific areas are coordinated with required TCs/WGs in (W3C/OASIS). Use case based approach of driving these changes with required specification groups will be an effective way. Zahid Ahmed Commerce Security Architect Commerce One, Inc. 408-517-3903 -----Original Message----- From: David Orchard [ mailto:david.orchard@bea.com <mailto:david.orchard@bea.com> ] Sent: Thursday, March 14, 2002 8:38 AM To: 'Vinoski, Stephen'; 'Anne Thomas Manes' Cc: www-ws-arch@w3.org <mailto:www-ws-arch@w3.org> Subject: RE: D-AG0016 - Technology Gaps This is clearly off the topic of technology gaps, but a very important issue for us to discuss. Perhaps the subject line should be "recommending specifications process". I agree that we don't want to replicate existing work. However, the W3C has NEVER rubber stamped outside works. Companies that weren't involved in the specification writing tend to voice cocern on AC forum when it comes time for voting on charters. We didn't do it with SOAP 1.1 or WSDL 1.1, why would this suddenly change? I point out that WSDL had almost 30 cosubmitters and has at least 7 commercial implementations that were at the latest SOAP builders interop. Now let's look at the SAML example. I speak from some experience as I was active in the effort. SAML is probably one of the better candidates for some kind of recommendation by the wsa. SAML covers a number of areas, some of which are interesting to XML based Web Services and some which aren't. For example, SAML has a browser-binding for browser single sign-on. My guess is that this is not something that we would want in ws-sec 1.0. Further, SAML has a variety of queries, like attributes, authentications, authorizations. Which of these are needed for ws-sec 1.0? That covers the modularity issue. Now what about specific features deficits? Say the WSAWG has a specific recommendation on a change/fix/enhancement that would be necessary for recommendation. We would clearly need to liase with them on these issues. An example feature tha SAML doesn't cover is performing credential transmission, and that seems needed for web services security. My point is really that I doubt that simply recommending another spec will be sufficient. I'm becoming convinced we will have to charter a particular set of people, either through a new working group or a liaison effort, to accomplish the delivery of something that is reasonable for our specific needs. I'd like to be wrong on this one BTW. I also want to re-emphasize that I totally believe that we should not re-invent the wheel and we should re-use "where appropriate". <curmudgeon>But I have repeatedly found in the past that re-use is rarely a simple matter, and often takes more time than one expects. </curmudgeon> Cheers, Dave -----Original Message----- From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On Behalf Of Vinoski, Stephen Sent: Wednesday, March 13, 2002 8:24 AM To: Anne Thomas Manes Cc: www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps I fully agree with Anne on this. --steve -----Original Message----- From: Anne Thomas Manes [mailto:anne@manes.net] Sent: Wednesday, March 13, 2002 9:22 AM To: www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps I don't think we can limit ourselves to W3C technologies. We should also reference other standard specifications. Let's look at a real example: SAML. It's an OASIS standard. I don't think that we want to replicate this work. We should reference this work. When you want to pass security assertions, you should use SAML to represent them. What we (a W3C ws-sec WG) will have to do is specify a SOAP extension that specifies how these assertions should be carried in a SOAP message. Regards, Anne -----Original Message----- From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On Behalf Of Yin Leng Husband Sent: Wednesday, March 13, 2002 6:46 AM To: Austin, Daniel; 'Damodaran, Suresh'; 'David Orchard'; www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps I have tried to capture the points raised below, into a previous proposal, in the following "identify architectural and technology gaps that prevent interoperability; identify existing W3C technologies that support interoperability; and recommend formation of working groups to formulate new, or to standardize existing, specifications or technologies for filling the gaps". Comments? Regards, Yin Leng -----Original Message----- From: Austin, Daniel [mailto:Austin.D@ic.grainger.com] Sent: Wednesday, 13 March 2002 8:47 AM To: 'Damodaran, Suresh'; 'David Orchard'; www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps Hi All, -----Original Message----- From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com] Sent: Tuesday, March 12, 2002 12:55 PM To: 'David Orchard'; www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps David, Interesting you say that "if we find an existing spec that fits our bill, we're going to have to charter up a WG to deal with it" Is this the way W3C has always done business? [Austin, Daniel] I think W3C has tried to minimize the number of new standards under discussion at any one time. There is only so much bandwidth and resources available. While, I am inclined to think we can/should keep this option open, I can think of other approaches as well. - working jointly with another standards organization (e.g., IETF) - creating liaisons with other standards committees and organizations (I don't know of any example from W3C off hand, somebody in the list may) so that the other standards organization would coordinate their work with W3C [Austin, Daniel] Examples would be the W3C-WAP Forum co-ordination group and the Voice Browser-VXML Forum co-ordination group. as for conformance, etc. [Austin, Daniel] We should define what conformance means and let other groups e.g. WS-I develop the testing technology and do the verification. I tried to create a sentence that captures all this as a goal statement, but I couldn't (apologies) Cheers, -Suresh -----Original Message----- X-Sybari-Space: 00000000 00000000 00000000 00000000 From: David Orchard [mailto:david.orchard@bea.com] Sent: Monday, March 11, 2002 3:59 PM To: www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps I was wondering how this would come up... What does it mean for the WG to recommend existing standards? Would a W3C Note (which isn't a standard) count? What if some tweaking of the spec is required for standardization, say converting soap-sec into ws-sec and changing the namespace name? Is the WSA group going to do the nuts and bolts dirty work on re-using existing stuff - like writing conformance test suites, publication schedules, conversion to xmlspec dtd etc.? There's a fair bit of work just doing errata. I would think we don't want to burden the WSA with this. I think that even if we find an existing spec that fits our bill, we're going to have to charter up a WG to deal with it. How about "Identify architectural and technology gaps that prevent interoperability to formulate standards-based remedies; formation of new working groups to standardize new or existing specifications or technologies." ? Cheers, Dave -----Original Message----- From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org]On Behalf Of Yin Leng Husband Sent: Thursday, March 07, 2002 6:08 PM To: Prasad Yendluri; Yin Leng Husband Cc: www-ws-arch@w3.org Subject: RE: D-AG0016 - Technology Gaps This is a good point. In fact, the charter says "The Working Group should also identify what existing W3C technologies already address functions required by the architecture identified." I wanted to avoid a discussion over *whose* existing standards and technologies at this point of high-level requirements identification. Therefore I took the path that in order to identify gaps, existing technologies would be flushed out during the process. Regards, Yin Leng -----Original Message----- From: Prasad Yendluri [mailto:pyendluri@webmethods.com] Sent: Friday, 8 March 2002 11:33 AM To: Yin Leng Husband Cc: www-ws-arch@w3.org Subject: Re: D-AG0016 - Technology Gaps This is good point. However I think we should recommend existing standards wherever available to avoid re-inventing. How about something on the lines: "Identify architectural and technology gaps that prevent interoperability to formulate standards-based remedies; recommending existing standards and technologies where available and formation of new working groups where none available." Regards, Prasad -------- Original Message -------- Subject: D-AG0016 - Technology Gaps Resent-Date: Thu, 7 Mar 2002 20:14:38 -0500 (EST) Resent-From: www-ws-arch@w3.org Date: Fri, 8 Mar 2002 11:22:11 +1000 From: Yin Leng Husband <Yin-Leng.Husband@compaq.com> To: www-ws-arch@w3.org I've taken an action item to drive DAG0016- Technology Gaps requirement discussion. The current proposed wording is "DAG0016 [The Working Group will also act to] identify current gaps in architectural interoperability and recommend standards-based remedies". As this architecture group is clearly chartered not to design the gap technologies itself, I would like to suggest changing to"identify architectural and technology gaps that prevent interoperability; and recommend formation of new working groups to formulate standards-based remedies". <?xml:namespace prefix = o ns = " urn:schemas-microsoft-com:office:office <urn:schemas-microsoft-com:office:office> " /> Yin Leng
Received on Thursday, 14 March 2002 20:10:50 UTC