Dims, Sorry for the delay in responding - am still traveling.
In the role of JSR 155 spec lead, I applaud and support this effort. The JSR155 team would work with the proposed initiative. We also plan to seek more synergies like RI et al in the near future.

cheers

> -----Original Message-----
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 30, 2003 9:21 AM
> To: [EMAIL PROTECTED]
> Cc: Krishna Sankar; Sandeep Kumar
> Subject: Re: Revised OpenSAML proposal
>
> CC'ing Sandeep and Krishna - the co-leads for JSR 155.
>
> Thanks,
> dims
>
> --- Scott Cantor <[EMAIL PROTECTED]> wrote:
> > A revised proposal with the references to WS-Sec removed by general consent of the parties involved.
> >
> > --- Scott
> >
> > ---
> >
> > Proposal for OpenSAML, A Web Services Subproject (via Incubator)
> >
> > 28 January 2003,
> > Davanum Srinivas ([EMAIL PROTECTED]), Scott Cantor ([EMAIL PROTECTED])
> >
> > (0) rationale
> >
> > To support SAML (Security Assertion Markup Language), OpenSAML was developed by Internet2 as part of the Shibboleth project (http://shibboleth.internet2.edu/). The project is currently hosted and managed by Internet2 at http://www.opensaml.org. Both a Java and C++ library are being provided and maintained, with a goal of feature parity and API commonality between them.
> >
> > There is also a JSR 155 - Web Services Security Assertions (http://www.jcp.org/en/jsr/detail?id=155) in progress that will (in their words) define a set of APIs, exchange patterns and implementation to securely (integrity and confidentiality) exchange assertions between web services based on OASIS SAML. We could implement this JSR over OpenSAML, either instead of or in addition to the existing API. This is analogous to the migration in Xerces to JAXP when it became appropriate.
> >
> > The ws.apache.org PMC expressed a great deal of interest in the work in order to ramp up their activities quickly, and appears to be eager to contribute to the success of the subproject.
> >
> > (0.1) criteria
> >
> > Meritocracy: Design decisions have been made in consultation with the Shibboleth development team.
> >
> > Community: Aside from Shibboleth, a growing community of developers, mostly from higher ed, have been playing with the code in their projects.
> >
> > Core Developers: Primary author is Scott Cantor, with assistance from the Shibboleth development team, and a few other contributions, some from Apache contributors.
> >
> > Alignment: Uses Xerces and Xalan (J and C), xml-security, generally looks to Apache projects before turning elsewhere, due to compatibility of licensing terms and code quality and support.
> >
> > Scope: SAML and functionality to simplify the use of SAML in areas of interest.
> >
> > (0.2) warning signs
> >
> > Orphaned products: Shibboleth has some momentum, and sundry research projects exist that have looked at OpenSAML as a possible starting point.
> >
> > Inexperience: The primary author has been coding the system for about 14 months, and has 5+ years experience on web security software, primarily in C and C++. Most of that code has been made publicly available and has been shared explicitly with other institutions. Other Shibboleth developers have contributed Unix systems programming, project organization, and Java experience to the project, and they have open source experience as well.
> >
> > Homogeneous Developers: Primarily one developer to this point, though suggestions from other developers have influenced design. Project expected to support layered functionality contributed by other interested parties once core API stability is reached. IRC has been used extensively to discuss issues.
> >
> > Reliance on Salaried Developers: Shibboleth is funded by Internet2 at the present time, and most of the development has been contract work, but the entire source base has been open source from the beginning.
> >
> > No ties to other Apache Products: Extensive reliance on XML and Jakarta projects, should make use of and serve the forthcoming WS projects.
> >
> > Fascination with Apache Brand: Would like to foster interest in and use of SAML, attract a stable of developers, extend work into web services, possibly explore implications of SAML and Shibboleth models for SSO and identity federation within other Apache projects.
> >
> > (1) scope of the subproject
> >
> > The purpose of this subproject is to create and maintain an implementation of the SAML standard, as defined by the OASIS SSTC, via libraries that support the messages, bindings, and profiles in the standard. This might eventually include reference implementations of SAML authorities for testing or development use (or more if there's interest). This subproject might include an implementation of the JSR-155 yet-to-be-published API for SAML in Java.
> >
> > (2) identify the initial source from which the subproject is to be populated
> >
> > http://www.opensaml.org
> >
> > (3) identify the ASF resources to be created
> >
> > (3.1) mailing list(s)
> > opensaml-user
> > opensaml-dev
> >
> > (3.2) CVS repositories
> > ws-opensaml (currently there is a cvs at cvs.internet2.edu)
> >
> > (3.3) Bugzilla
> >
> > (currently, there is a bugzilla at bugzilla.internet2.edu)
> >
> > (4) identify the initial set of committers
> >
> > Scott Cantor ([EMAIL PROTECTED])
> >
> > Walter Hoehn ([EMAIL PROTECTED])
> >
> > Derek Atkins ([EMAIL PROTECTED])
> >
> > Christian Geuer-Pollmann ([EMAIL PROTECTED])
> >
> > Mark Wilcox ([EMAIL PROTECTED])
> >
> > (5) identify apache sponsoring individual
> >
> > Davanum Srinivas ([EMAIL PROTECTED])
> >
> > (6) open issues for discussion
> >
> > Are there IPR-related concerns with SAML (patents held by RSA but offered royalty free)?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> =====
> Davanum Srinivas - http://webservices.apache.org/~dims/