Re: Comments on WSA Requirements from Christopher B Ferris on 2002-09-15 (www-wsa-comments@w3.org from September 2002)

From: Christopher B Ferris <chrisfer@us.ibm.com>
Date: Sun, 15 Sep 2002 11:33:07 -0400
To: reagle@w3.org
Cc: www-wsa-comments@w3.org, www-xkms@w3.org, w3c-wsa-editors@w3.org
Message-ID: <OF904E2F6B.17BDC878-ON85256C35.0053AE8F-85256C35.005553A4@rchland.ibm.com>
Joseph, 

Thanks for the thorough review of our draft requirements. Responses below.

Cheers,

Christopher Ferris
Architect, Emerging e-business Industry Architecture
email: chrisfer@us.ibm.com
phone: +1 508 234 3624

Joseph Reagle wrote on 08/23/2002 12:30:04 PM:

> 
> 
> These comments on [2] supercede my previous comments [1]
> 
> [1] http://lists.w3.org/Archives/Team/w3t-archive/2002May/0016.html
> [2] http://www.w3.org/TR/2002/WD-wsa-reqs-20020819
> 
>    3.2.1 Top-level Goals
> 
>    The Working Group has determined that at the highest level, its goals
>    can be divided into 6 categories. Each of these is associated with 
the
>    CSFs and requirements listed in [47]section 3.2.2
> 
> While it might be implied that these goals will be further expounded 
upon in 
> 3.2.2, it might be useful to state this.

done

> 
>   AC008 is consistent and coherent. This applies to both 
>   the reference architecture itself and the document that 
>   contains its definition.
> 
> What is a "reference architecture"?

The term "reference architecture" is defined in our glossary (which 
unfortunately
has not yet been published). However, I have changed the text to refer to 
the
Web Services Architecture which is our deliverable so as to make things a 
little
less confusing.

> 
>     D-AC001.1.1: Ensure that no individual implementor is favored 
>    over others.
> 
> While I continue to appreciate the sentiment, it sounds as if it will 
create 
> dead locks. What happens if you have to make an arbitrary technical 
> decision and *someone* benefits from it, can you not make the decision? 
A 
> decision will always benefit someone more than someone else, however, 
you 
> don't want this to be part of the reason for the decision. I think, 
> instead, you want something like, "decisions will be not be made on the 
> basis of favoring any particular implementor over others."

I like the wording you've proposed. I believe that it captures the 
sentiment
of the WG so I have changed our text accordingly.

> 
>      * AG004 Security
>        The Web Services Architecture must provide a secure environment
>        for online processes.
>        Critical success factors and requirements for this goal:
>           + [57]AC006 addresses the security of Web services across
>             distributed domains and platforms.
>           + [58]AC020 enables privacy protection for the consumer of a
>             Web service across multiple domains and services.
>      * AG005 Scalability and Extensibility
>        The web services architecture must promote implementations that
>        are scalable and extensible.
> 
> What do these terms mean: encourage/promote (perhaps use one?), enable, 
> provide, and support?
> 
> Encourage X: while out of scope of any technical specification, 
recommend X?
> Enable X: X can be implemented by using the facilities of the 
archtiecture 
> (does this mean X can be implemented using the facilities of the 
> architecture and nothing more?)
> Provie X: a concrete deliverable?
> Support X: Unlinke enable, X can be implemented by using the facilities 
of 
> the architecture amongst other piences?
> 
> (A term I sometimes also use is, "not preclude".)

I believe that your definitions are in line with ours. We have tried to
be consistent in use of these terms. I have changed the use of the term 
'promote'
to 'enable' as I believe that this was the intended meaning.

> 
> This is relevant to your later non-repudiation requirement. 
"Non-repudation" 
> is typically determined by a combination of algorithm (cryptography) 
> properties and policy/legal definitions. Do you plan to require 
particular 
> algorithms necessary for non-repudation? Or define what it means in your 

> context?
> 
>           + AR016.1 Identify what constitutes interoperability
>                o D-AR016.1.1 in architectural realm.
>                o D-AR016.1.2 in technological realm.
> 
> What's the difference between the architectural and technical realm?

This CSF and its subordinates has been completely rewritten.

>    AC020
>           + AC020.2 Advertised Web Service privacy policies MUST be
>             expressed in P3P.
> 
> Normative reference?

done. also added normative reference to OWL.
> 
>
Received on Sunday, 15 September 2002 11:33:45 UTC