Hans, The WS-PMC has VOTE'd to accept the project. Please send in the required documents including your individual CLA (iCLA) as mentioned here - http://www.apache.org/licenses/. I will start the infrastructure process(es) like mailing list, JIRA, SVN etc.
thanks, dims On 5/17/05, Granqvist, Hans <[EMAIL PROTECTED]> wrote: > Proposal > -------- > This is a proposal to submit the Trust Services Integration > Toolkit (TSIK) to ASF. TSIK is a Java toolkit that VeriSign > has been developing since 2001, and it is the basis of several > products developed by VeriSign. > > The intent with Apache TSIK is to create a web services project > to implement standards as defined by W3C, OASIS, and others: > > * Basic XML security standards (XML signature, XML encryption) > * WS-* standards, and > * Other related standards (for example XKMS and SAML) > > A full list of standards can be found at the end of the email. > Emphasis has so far been placed on security-related standards. > > TSIK is a toolkit that is suitable for implementing client as > well as server side components. Several commercial products built > using TSIK are in current use. > > > Rationale > --------- > It is easy to misunderstand the sometimes complex XML security > standards. We have found that improper use of APIs inadvertently > cause most security issues. > > TSIK was therefore designed to be simple and easy to use. Rather > than trying to implement 100% of a specific standard, we wanted to > provide simplified APIs that would make sense in most use cases. > However, what's implemented will always be to specification. > > VeriSign believes the slow pace of adoption of Web Services can be > attributed partly to the lack of open source toolkits. We believe > that making a toolkit like TISK available to the community will > increase the momentum. > > Currently Apache offers two projects related to Web Services > security: > > a. The XML security project, which implements basic XML signature > and XML encryption, and > > b. The WS-FX project, which aims at implementing existing WS* > standards. > > The WS-FX project is an umbrella for several sub projects. The > composability of WS standards means that a division into a > subproject structure is reasonable. WS-FX's main emphasis, though > not the only way of deployment, is by way of Axis filters. > > We propose TSIK as a separate project, somewhat competitive to > WS-FX, but focused more on a toolkit usage model. Within the ASF, > there are already examples of more or less competing projects > (e.g., XML parsers). There is a belief that such internal > competition is healthy. > > There are a number of Java Community Process JSR's in various stages > of development. These JSR APIs will probably end up in ASF projects, > some sooner than later. For example, JSR-105 (XML digital signature) > is already in the final stages and its APIs will likely in time > supplant or complement the current Apache XML security suite. > > Other JSR's of interest include JSR-106 (XML encryption) and JSR-183 > (WS-Security), which will also migrate to a set of APIs that will find > their way into Apache. > > The JSR APIs often strive to completely implement each specification. > While this is sometimes valuable, few applications use more than the > most common functions. Again, TSIK is designed to simplify security > usage as much as possible. > > The long term goal of TSIK could be to use existing underlying > Apache projects, such as XML security suite. > > The initial implementation will be in Java, with support for J2SE > 1.3 and up. > > As a main author of many WS standards, VeriSign will also work to > resolve the IP issues regarding some WS* standards. > > > Scope > ------ > TSIK will implement the WS-* stack of standards. To do this, basic > XML security standards need to be implemented, as discussed above > in the introduction. Most of this functionality already exists in > TSIK. > > Our initial plan is to implement support for the following > specifications in this order: WS-Security, WS-Trust, > WS-SecureConversation (WS-Addressing), WS-SecurityPolicy (WS-Policy), > WS-Reliable-Messaging, WS-Federation (Liberty) and SAML 2.0., but > what gets implemented will in the end be decided by the community > process. > > TSIK should also make it easy to conform to WS-I profiles, for > instance, the Basic Security Profile. > > We believe in an active participation in interop events. There will > be APIs for use cases as defined by interop events in OASIS, W3C, > etc., as well as profiles issues discussed via WS-I. > > Interoperability is paramount and the TSIK test suites shall strive > to always interoperate with other implementations. > > > Known risks > ------------ > > ---Orphaned products > TSIK has always been distributed in binary form. Many customers have > requested access to the source to add functionality to the TSIK code > base. > > ---Commercial interest > The current commercial products built on TSIK have been found to > have no claims on the source code. VeriSign does not plan to develop > parallel in-house versions of TSIK, but spend all efforts on the ASF > TSIK project. > > ---Inexperience with Open Source > Some TSIK developers are already in OS-based businesses. However, > VeriSign has limited experience working on open source projects, but > has extensive experience in creating many open WS* standards, and hope > this will aid in the transition to the open source community. > > ---Initial Reliance on Salaried Workers > It is believed that, initially, most TSIK development will be done by > salaried workers. They will not necessarily be employed by VeriSign, > though. As mentioned above, VeriSign partners and customers have > expressed interest in taking part in developing TSIK. > > ---Licensing, Patents, Miscellaneous Legal > The IP rights surrounding some WS-* standards can be difficult to > understand. As a co-author of many WS-* standards, VeriSign will work > with Apache to make sure those issues are resolved in the community. > > > Initial source > -------------- > TSIK has been in development since around 2001 and has an active user > base (currently over 200 members in the user group). As mentioned > above, it is the basis of several products developed by VeriSign. > > TSIK contains implementations of the XML signature, XML encryption > standards, XKMS and SAML, and WS-Security, etc. It also contains > utility classes to make DOM and XPath easier to use, constructing and > parsing SOAP messages, etc. > > The current Java source code uses Apache libraries and tools (for > example ant, xerces, xalan, log4j). It also uses JUnit for test > coverage. The build processes builds complete documentation (including > javadocs) and contains sample source code to describe usage patterns. > > > Source submission plan > ----------------------- > The following Java packages will be submitted: > > Package name Purpose > ------------------------------------------------------ > org.apache.tsik.crl CRL handling > org.apache.tsik.datatypes Passive data types of general utility > org.apache.tsik.domutil A simplified interface to DOM > org.apache.tsik.messaging XML messaging framework > org.apache.tsik.resource Basic XML facilities (e.g., parsing) > org.apache.tsik.xmlenc XML encryption > org.apache.tsik.xmlsig XML decryption > org.apache.tsik.xmlsig.tools Pkcs#12, #8, JCA/JCE utilities > org.apache.tsik.xpath XPath implementation > org.apache.tsik.wss WS-Security implementation (*) > org.apache.tsik.wst WS-Trust implementation (*) > org.apache.tsik.wsa WS-Addressing (*) > org.apache.tsik.verifier Assess trust of public keys and > certificates > org.apache.tsik.test.* JUnit test suites for all packages > > (*) The WS-* implementations are in various levels of completion. > > There are more packages in TSIK. We want to keep the initial > submission as small as possible to increase its chances of adoption. > > As TSIK is being incubated, we plan to propose adding the following > packages. Our plan is to accomplish this within three months of the > original submission, if there is interest in the group: > > Package name Purpose > ---------------------------------------------------------- > org.apache.tsik.xkms.client Client XKMS APIs > org.apache.tsik.xkms.tools Tools, such as XKMS-aware keystores > org.apache.tsik.util.failover For failsafe implementation > org.apache.schema XML Schema validation > org.apache.tsik.saml SAML 1.0 implementation > org.apache.tsik.cryptostream Streaming crypto framework > org.apache.tsik.cryptostream.pkcs7 Pkcs #7 streams > org.apache.tsik.pki.client PKI lifecycle (certificate enroll, > renew, revoke, etc., operations.) > org.apache.tsik.dime Implementation of DIME (*) > > (*) This package should be updated to comply with latest binary > attachment standard, e.g., SwA. > > > Resources > ---------- > We foresee only standard Apache developer resources to be created, > such as cvs/subversion, developer mailing lists, etc. > > > Documentation > ------------- > TSIK is today available for download (binary code only) from > http://www.verisign.com/developer/xml/ . > > The developer community mailing list is hosted by yahoo on > http://groups.yahoo.com/group/tsik/ > > > Initial committers > ------------------ > Hans Granqvist ([EMAIL PROTECTED]) > Mark Hayes ([EMAIL PROTECTED]) > > Apache sponsor/champion > --------------------------- > Davanum Srinivas ([EMAIL PROTECTED]) > > List of implemented XML standards > ---------------------------------- > These are XML standards implemented in TSIK. > > XPath http://www.w3.org/TR/xpath > Encryption http://www.w3.org/TR/xmlenc-core/ > Signature http://www.w3.org/TR/xmldsig-core/ > Canonicalization http://www.w3.org/TR/xml-c14n > Exclusive c14n http://www.w3.org/TR/xml-exc-c14n/ > XKMS http://www.w3.org/TR/xkms/ > > WS-Addressing http://www.w3.org/Submission/ws-addressing/ > > WS-Security 1.0 (March 15, 2004) > http://docs.oasis-open.org/wss/2004/01/\ > oasis-200401-wss-soap-message-security-1.0.pdf > > WS-Trust (February 2005 draft) > ftp://www6.software.ibm.com/software/developer/library/ws-trust.pdf > > > Contact > ------- > Hans Granqvist, Web Services Architect > VeriSign, Inc. > 487 East Middlefield Road > M/S MV6-2-1 > Mountain View, CA 94043 > > Email: [EMAIL PROTECTED] > Phone: +1-650-426-5232 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Davanum Srinivas - http://webservices.apache.org/~dims/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
