RE: Requirements & F2F minutes update from Blair Dillaway on 2002-05-08 (www-xkms@w3.org from May 2002)

From: Blair Dillaway <blaird@microsoft.com>
Date: Wed, 8 May 2002 10:12:38 -0700
To: <Yassir.Elley@sun.com>, "Frederick Hirsch" <hirsch@fjhirsch.com>
Cc: <www-xkms@w3.org>
Message-ID: <14806ED6BEEB4144A5EBFA47B78635280674F2B7@red-msg-06.redmond.corp.microsoft.com>
Yassir,

I detect an agreement in principal here, just some wording issues.  I
concerned about us mandating an implementation for something that isn't
yet a standard.  We could argue ourselves into a position where we're
blocked pending XML-P making progress.

I'm Ok with language along the lines you suggest.  How about the
following:

a) The specification MUST provide a binding to SOAP 1.2, provided that
specification has reached CR status prior to the XKMS WG completing its
work, and provide a binding to SOAP 1.1 (for interoperability purposes).

b) XKMS services MUST implement SOAP 1.2 once that specification has
achieved Recommendation status (Joseph - is this the correct W3C wording
to indicate an approved standard?)



-----Original Message-----
From: Yassir.Elley@sun.com [mailto:Yassir.Elley@sun.com] 
Sent: Wednesday, May 08, 2002 9:38 AM
To: Frederick Hirsch
Cc: www-xkms@w3.org
Subject: Re: Requirements & F2F minutes update


Firstly, for the sake of clarity, my understanding is that SOAP 1.1 was
submitted to the XML Protocol WG, which is working on SOAP 1.2.
Therefore, 
the term "XML Protocol" is interchangeable with "SOAP 1.2". It is not 
interchangeable with the term "SOAP 1.1". Therefore, phrases like "XML 
Protocol, including both SOAP 1.1 and 1.2" and "XML Protocol as defined
in SOAP 
1.1" don't really make sense because XML Protocol does not include SOAP
1.1 nor is it defined in SOAP 1.1. If my understanding is incorrect,
please correct me.

Secondly, I believe neither the current wording in the requirements
document nor the proposed wording below reflect the consensus achieved
at the F2F meeting. Specifically, we don't want to say "Every XKMS
service MUST implement SOAP 1.1", since it is potentially encumbered. I
am fairly flexibly on the rest of the wording.

According to the minutes:
"Resolution: Target 1.2 for normative purposes. Add requirement in the
bindings section: Services must implement SOAP 1.2, and may have other
bindings. E.g., constrained devices, etc. May also provide 1.1 interop
or profiling (different namespaces, etc)."

Because of the potential IPR issues with SOAP 1.1, and because the XKMS
WG is chartered as Royalty Free, we had decided that we would make SOAP
1.2 mandatory to implement and would not require implementation of SOAP
1.1 at all. We had also decided that, for the sake of interoperability,
we would specify a SOAP 
1.1 binding, but would not require implementation of it.

With regard to the schedule issues, I believe it was mentioned at the
meeting that SOAP 1.2 is nearing Last Call. Since the XKMS spec is not
nearing Last Call, it is probably safe to say "every XKMS service MUST
implement SOAP 1.2." Clearly, that is our intent, modulo scheduling
issues. With regard to 
"revisiting the question of whether implementors must support 
SOAP 1.2 should that specification reach CR status prior to the XKMS WG
completing our work," I'm not sure how that works with respect to a 
Requirements Document that uses the word MUST. In other words, if our
Requirements Document states that "Every XKMS service MUST implement
SOAP 1.1" and that Requirements Document progresses to CR, can we later
decide to 
ignore that requirement in the spec? Can we still claim conformance with
the Requirements? One way around this may be to use "SHOULD" or "MAY"
instead of "MUST".

Revised proposed wording (taken basically from the minutes):

a) The specification MUST provide a binding to SOAP 1.2 and
(MAY/SHOULD?) 
provide a binding to SOAP 1.1 (for interoperability purposes).

b) Every XKMS service MUST implement SOAP 1.2 when standardized.

If this wording is not acceptable to anyone, please propose alternate
wording. As I said, I'm pretty flexible on the wording with the
exception of "Every XKMS service MUST implement SOAP 1.1.", which should
not be implied.

Regards,
Yassir.

>is this the idea:
>
>a. The specification MUST provide a binding to XML Protocol, including
>both SOAP 1.1 and 1.2.
>
>b. Every XKMS service MUST implement XML Protocol as defined in SOAP 
>1.1
>and SHOULD implement SOAP 1.2 when standardised."
>
>Blair Dillaway wrote:
>> I support adding a SOAP 1.2 binding to the spec given that it appears

>> to further along in the W3C process than the XKMS spec.  However, 
>> since the SOAP 1.2 spec has not yet reached last call status, much 
>> less candidate recommendation status, I believe it is premature to 
>> include language along the lines of "Every XKMS service MUST 
>> implement XML Protocol (SOAP 1.2)".
>> 
>> The only firm specification is SOAP 1.1 and it is the only SOAP 
>> specification for which there are multiple deployed implementations. 
>> So, I believe we must continue specifying a SOAP 1.1 binding and this

>> binding is the only one we can presently require for implementors.
>> 
>> I'm open to revisiting the question of whether implementors must 
>> support SOAP 1.2 should that specification reach CR status prior to 
>> the XKMS WG completing our work.
>> 
>> Blair
>> 
>> -----Original Message-----
>> From: Frederick Hirsch [mailto:hirsch@fjhirsch.com]
>> Sent: Tuesday, May 07, 2002 4:47 PM
>> To: Yassir Elley
>> Cc: Shivaram Mysore; www-xkms@w3.org
>> Subject: Re: Requirements & F2F minutes update
>> 
>> 
>> I thought we decided that 1.2 was required but that 1.1 was as well 
>> due
>> to the need to interoperate with existing implementations. I heard us

>> say that the impact of requiring both would be minimal.
>> 
>> If we change the requirements to only require 1.2 shall we also add 
>> the
>> wording that "servers SHOULD also support 1.1"?
>> 
>> Thanks for the additional comments
>> 
>> < Frederick
>> 
>> Frederick Hirsch
>> 
>> Yassir Elley wrote:
>> 
>>>Frederick and Mike have done a great job with the Requirements
>>>document. Thanks!
>>>
>>>I do have a few comments on the May 2002 Draft.
>>>
>>>2.1.4
>>>We agreed at the meeting that the normative reference will be to SOAP
>>>1.2, not SOAP 1.1. Suggested wording: "The specification MUST provide

>>>a binding to XML Protocol (SOAP 1.2) [<link to XML
>>>Protocol>] [List(Blair Dillaway, Yassir Elley)]. The 
>>>Protocol>XKMSspecification
>> 
>> 
>>>Protocol>is required to
>>>profile XML Protocol for interoperability, including use of document
>>>literal including."
>>>
>>>2.1.5
>>>We agreed at the meeting that the normative reference will be to SOAP
>>>1.2, not SOAP 1.1. Suggested wording: "Every XKMS service MUST 
>>>implement XML Protocol (SOAP 1.2)"
>>>
>>>2.2.4
>>>A space is needed between or and payload. Suggested wording: "...,
>>>either transport security or payload protection."
>>>
>>>2.4.11
>>>I think the words "Protocol schedule" are missing here. Suggested
>>>wording: "... XML Protocol bindings may be published as a separate 
>>>document from the specification to avoid dependencies on the XML 
>>>Protocol schedule. ..."
>>>
>>>2.5.4
>>>I am not sure the term "PKIX" is relevant here. "X.509" is probably
>>>adequate. Also, XML DSIG refers to it as X509Certificate, not 
>>>X509Cert. Suggested wording: "The X509Certificate KeyInfo format MUST

>>>be supported by a trust server if the service claims interoperability

>>>with X.509."
>>>
>>>Also, neither X509Chain nor OCSP are defined in the XML Signature
>>>spec. Suggested wording: "X509Chain and OCSP MUST be defined in the 
>>>XKMS specifications." and probably remove the following sentence, or 
>>>change it to "X509CRL is defined in the XML Signature
recommendation."
>>>
>>>3 Out of Scope
>>>Please add my name as the source for item 18. i.e. add "[List (Yassir
>>>Elley)]"
>>>
>>>-Yassir.
>>>
>>>Shivaram Mysore wrote:
>>>
>>>
>>>
>>>>All,
>>>>
>>>>The Minutes [1] for F2F meeting held on 23 April have been uploaded 
>>>>on
>>>
>> 
>>>>to the site.  Please send in your comments/corrections to the list.
>>>>Also please take a look at your AI and send resolutions to the list.
>>>>
>>>>Thanks to Merlin Hughes and Glenn Fink for the excellent notes.
>>>>
>>>>Also, the new version of Requirements [2] have been uploaded to the
>>>>website. Please send in your comments to the list.  Thanks to 
>>>>Frederick Hirsch and Mike Just for the excellent work.
>>>>
>>>>[1]
>>>>http://www.w3.org/2001/XKMS/Minutes/20020423-f2f2-draft-minutes.html
>>>>[2] http://www.w3.org/2001/XKMS/Drafts/xkms-req.html
>>>>
>>>>/Shivaram
>>>>____________________________________________________________________
__
>>>>_________
>>>>Shivaram H. Mysore <shivaram.mysore@sun.com>
>>>>
>>>>Software Engineer                               Co-Chair, W3C's XKMS
>>>
>> WG
>> 
>>>>Java Card Engineering
>>>
>> http://www.w3.org/2001/XKMS
>> 
>>>>JavaSoft, Sun Microsystems Inc.
>>>>
>>>>Direct: (408)276-7524
>>>>Fax:    (408)276-7608
>>>>
>>>>http://java.sun.com/people/shivaram  (Internal: 
>>>>http://mysore.sfbay/)
>>>>____________________________________________________________________
__
>>>>_________
>>>
>>>
>>>
>> 
>> 
>> 
>
>
>
Received on Wednesday, 8 May 2002 13:13:10 UTC