- From: Yassir Elley <yassir.elley@sun.com>
- Date: Thu, 09 May 2002 10:50:00 -0400
- To: Blair Dillaway <blaird@microsoft.com>
- CC: Frederick Hirsch <hirsch@fjhirsch.com>, www-xkms@w3.org
Blair, Comments below: Blair Dillaway wrote: > Yassir, > > I detect an agreement in principal here, just some wording issues. I > concerned about us mandating an implementation for something that isn't > yet a standard. We could argue ourselves into a position where we're > blocked pending XML-P making progress. Yes, I agree it is just a matter of fine-tuning the wording. > > > I'm Ok with language along the lines you suggest. How about the > following: > > a) The specification MUST provide a binding to SOAP 1.2, provided that > specification has reached CR status prior to the XKMS WG completing its > work, and provide a binding to SOAP 1.1 (for interoperability purposes). > > b) XKMS services MUST implement SOAP 1.2 once that specification has > achieved Recommendation status (Joseph - is this the correct W3C wording > to indicate an approved standard?) Two questions for clarification: 1) Why are you distinguishing between CR (Candidate Recommendation) in (a) and Recommendation in (b)? Was this on purpose? I would think we would want CR in both (a) and (b), but I am not that familiar with W3C process (Joseph?). 2) With regard to (a), what is your proposed qualifier before "... provide a binding to SOAP 1.1". (MUST/SHOULD/MAY)? I think we are almost there. -Yassir. > > -----Original Message----- > From: Yassir.Elley@sun.com [mailto:Yassir.Elley@sun.com] > Sent: Wednesday, May 08, 2002 9:38 AM > To: Frederick Hirsch > Cc: www-xkms@w3.org > Subject: Re: Requirements & F2F minutes update > > Firstly, for the sake of clarity, my understanding is that SOAP 1.1 was > submitted to the XML Protocol WG, which is working on SOAP 1.2. > Therefore, > the term "XML Protocol" is interchangeable with "SOAP 1.2". It is not > interchangeable with the term "SOAP 1.1". Therefore, phrases like "XML > Protocol, including both SOAP 1.1 and 1.2" and "XML Protocol as defined > in SOAP > 1.1" don't really make sense because XML Protocol does not include SOAP > 1.1 nor is it defined in SOAP 1.1. If my understanding is incorrect, > please correct me. > > Secondly, I believe neither the current wording in the requirements > document nor the proposed wording below reflect the consensus achieved > at the F2F meeting. Specifically, we don't want to say "Every XKMS > service MUST implement SOAP 1.1", since it is potentially encumbered. I > am fairly flexibly on the rest of the wording. > > According to the minutes: > "Resolution: Target 1.2 for normative purposes. Add requirement in the > bindings section: Services must implement SOAP 1.2, and may have other > bindings. E.g., constrained devices, etc. May also provide 1.1 interop > or profiling (different namespaces, etc)." > > Because of the potential IPR issues with SOAP 1.1, and because the XKMS > WG is chartered as Royalty Free, we had decided that we would make SOAP > 1.2 mandatory to implement and would not require implementation of SOAP > 1.1 at all. We had also decided that, for the sake of interoperability, > we would specify a SOAP > 1.1 binding, but would not require implementation of it. > > With regard to the schedule issues, I believe it was mentioned at the > meeting that SOAP 1.2 is nearing Last Call. Since the XKMS spec is not > nearing Last Call, it is probably safe to say "every XKMS service MUST > implement SOAP 1.2." Clearly, that is our intent, modulo scheduling > issues. With regard to > "revisiting the question of whether implementors must support > SOAP 1.2 should that specification reach CR status prior to the XKMS WG > completing our work," I'm not sure how that works with respect to a > Requirements Document that uses the word MUST. In other words, if our > Requirements Document states that "Every XKMS service MUST implement > SOAP 1.1" and that Requirements Document progresses to CR, can we later > decide to > ignore that requirement in the spec? Can we still claim conformance with > the Requirements? One way around this may be to use "SHOULD" or "MAY" > instead of "MUST". > > Revised proposed wording (taken basically from the minutes): > > a) The specification MUST provide a binding to SOAP 1.2 and > (MAY/SHOULD?) > provide a binding to SOAP 1.1 (for interoperability purposes). > > b) Every XKMS service MUST implement SOAP 1.2 when standardized. > > If this wording is not acceptable to anyone, please propose alternate > wording. As I said, I'm pretty flexible on the wording with the > exception of "Every XKMS service MUST implement SOAP 1.1.", which should > not be implied. > > Regards, > Yassir. > > >is this the idea: > > > >a. The specification MUST provide a binding to XML Protocol, including > >both SOAP 1.1 and 1.2. > > > >b. Every XKMS service MUST implement XML Protocol as defined in SOAP > >1.1 > >and SHOULD implement SOAP 1.2 when standardised." > > > >Blair Dillaway wrote: > >> I support adding a SOAP 1.2 binding to the spec given that it appears > > >> to further along in the W3C process than the XKMS spec. However, > >> since the SOAP 1.2 spec has not yet reached last call status, much > >> less candidate recommendation status, I believe it is premature to > >> include language along the lines of "Every XKMS service MUST > >> implement XML Protocol (SOAP 1.2)". > >> > >> The only firm specification is SOAP 1.1 and it is the only SOAP > >> specification for which there are multiple deployed implementations. > >> So, I believe we must continue specifying a SOAP 1.1 binding and this > > >> binding is the only one we can presently require for implementors. > >> > >> I'm open to revisiting the question of whether implementors must > >> support SOAP 1.2 should that specification reach CR status prior to > >> the XKMS WG completing our work. > >> > >> Blair > >> > >> -----Original Message----- > >> From: Frederick Hirsch [mailto:hirsch@fjhirsch.com] > >> Sent: Tuesday, May 07, 2002 4:47 PM > >> To: Yassir Elley > >> Cc: Shivaram Mysore; www-xkms@w3.org > >> Subject: Re: Requirements & F2F minutes update > >> > >> > >> I thought we decided that 1.2 was required but that 1.1 was as well > >> due > >> to the need to interoperate with existing implementations. I heard us > > >> say that the impact of requiring both would be minimal. > >> > >> If we change the requirements to only require 1.2 shall we also add > >> the > >> wording that "servers SHOULD also support 1.1"? > >> > >> Thanks for the additional comments > >> > >> < Frederick > >> > >> Frederick Hirsch > >> > >> Yassir Elley wrote: > >> > >>>Frederick and Mike have done a great job with the Requirements > >>>document. Thanks! > >>> > >>>I do have a few comments on the May 2002 Draft. > >>> > >>>2.1.4 > >>>We agreed at the meeting that the normative reference will be to SOAP > >>>1.2, not SOAP 1.1. Suggested wording: "The specification MUST provide > > >>>a binding to XML Protocol (SOAP 1.2) [<link to XML > >>>Protocol>] [List(Blair Dillaway, Yassir Elley)]. The > >>>Protocol>XKMSspecification > >> > >> > >>>Protocol>is required to > >>>profile XML Protocol for interoperability, including use of document > >>>literal including." > >>> > >>>2.1.5 > >>>We agreed at the meeting that the normative reference will be to SOAP > >>>1.2, not SOAP 1.1. Suggested wording: "Every XKMS service MUST > >>>implement XML Protocol (SOAP 1.2)" > >>> > >>>2.2.4 > >>>A space is needed between or and payload. Suggested wording: "..., > >>>either transport security or payload protection." > >>> > >>>2.4.11 > >>>I think the words "Protocol schedule" are missing here. Suggested > >>>wording: "... XML Protocol bindings may be published as a separate > >>>document from the specification to avoid dependencies on the XML > >>>Protocol schedule. ..." > >>> > >>>2.5.4 > >>>I am not sure the term "PKIX" is relevant here. "X.509" is probably > >>>adequate. Also, XML DSIG refers to it as X509Certificate, not > >>>X509Cert. Suggested wording: "The X509Certificate KeyInfo format MUST > > >>>be supported by a trust server if the service claims interoperability > > >>>with X.509." > >>> > >>>Also, neither X509Chain nor OCSP are defined in the XML Signature > >>>spec. Suggested wording: "X509Chain and OCSP MUST be defined in the > >>>XKMS specifications." and probably remove the following sentence, or > >>>change it to "X509CRL is defined in the XML Signature > recommendation." > >>> > >>>3 Out of Scope > >>>Please add my name as the source for item 18. i.e. add "[List (Yassir > >>>Elley)]" > >>> > >>>-Yassir. > >>> > >>>Shivaram Mysore wrote: > >>> > >>> > >>> > >>>>All, > >>>> > >>>>The Minutes [1] for F2F meeting held on 23 April have been uploaded > >>>>on > >>> > >> > >>>>to the site. Please send in your comments/corrections to the list. > >>>>Also please take a look at your AI and send resolutions to the list. > >>>> > >>>>Thanks to Merlin Hughes and Glenn Fink for the excellent notes. > >>>> > >>>>Also, the new version of Requirements [2] have been uploaded to the > >>>>website. Please send in your comments to the list. Thanks to > >>>>Frederick Hirsch and Mike Just for the excellent work. > >>>> > >>>>[1] > >>>>http://www.w3.org/2001/XKMS/Minutes/20020423-f2f2-draft-minutes.html > >>>>[2] http://www.w3.org/2001/XKMS/Drafts/xkms-req.html > >>>> > >>>>/Shivaram > >>>>____________________________________________________________________ > __ > >>>>_________ > >>>>Shivaram H. Mysore <shivaram.mysore@sun.com> > >>>> > >>>>Software Engineer Co-Chair, W3C's XKMS > >>> > >> WG > >> > >>>>Java Card Engineering > >>> > >> http://www.w3.org/2001/XKMS > >> > >>>>JavaSoft, Sun Microsystems Inc. > >>>> > >>>>Direct: (408)276-7524 > >>>>Fax: (408)276-7608 > >>>> > >>>>http://java.sun.com/people/shivaram (Internal: > >>>>http://mysore.sfbay/) > >>>>____________________________________________________________________ > __ > >>>>_________ > >>> > >>> > >>> > >> > >> > >> > > > > > >
Received on Thursday, 9 May 2002 10:55:09 UTC