incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <d...@yahoo.com>
Subject Re: Proposal for OpenSAML (or a name TBD)
Date Wed, 29 Jan 2003 01:49:03 GMT
Scott,

Please go ahead as Bob suggests....No problems if you don't want to do it. 

<semi-kidding>I can't force any one to do something that they don't wanna do :) </semi-kidding>

-- dims

--- RL 'Bob' Morgan <rlmorgan@washington.edu> wrote:
> 
> So, the point made and apparently agreed to by everyone discussing this
> today is that SAML and WS-Sec are Two Different Things, not related other
> than both using XML and being about security (as are XKMS, XACML, XrML,
> and surely dozens more at this point).  So I'd favor removing all
> references to WS-Sec from this proposal, so as to let any WS-Sec work
> proceed on its own merits.  Specifically remove:
> 
> > One important web services component that might leverage OpenSAML is
> > WS-Security (http://www.oasis-open.org/committees/wss/).
> 
> and remove:
> 
> > WS-Sec or other links would be new code subject to open discussion as to
> > approach and implication.
> 
> and remove:
> 
> > WS-Sec functionality might expand this interest.
> 
> and remove:
> 
> > Work in the web services space, such as the WS-Security work that is
> > emerging from OASIS, could take place either within the scope of a more
> > broadly named project that includes and subsumes OpenSAML, or could be a
> > dependent subproject at ws.apache.org. This would include JAX-RPC and
> > Apache Axis specific WS-Security handlers and code to enable quick
> > adoption of SAML and WS-Security within the Apache project community.
> 
>  - RL "Bob"
> 
> ---
> 
> On Tue, 28 Jan 2003, Scott Cantor wrote:
> 
> > Here's the proposal solicited (and started) by the ws.apache.org folks,
> > edited by me. The name should indeed change if the scope of the
> > subproject is to be wider than SAML (see outstanding issues at the
> > bottom).
> >
> > For the shib/internet2 folks, general@incubator.apache.org is the list
> > to subscribe to to participate in the discussion.
> >
> > Scott Cantor
> > The Ohio State Univ
> > cantor.2@osu.edu
> >
> > ---
> >
> > Proposal for OpenSAML, A Web Services Subproject (via Incubator)
> >
> > 28 January 2003
> > Davanum Srinivas (dims@yahoo.com), Scott Cantor (cantor.2@osu.edu)
> >
> > (0) rationale
> >
> > To support SAML (Security Assertion Markup Language), OpenSAML was developed by
Internet2 as
> part of the Shibboleth project
> > (http://shibboleth.internet2.edu/). The project is currently hosted and managed
by Internet2
> at http://www.opensaml.org. Both a Java
> > and C++ library are being provided and maintained, with a goal of feature parity
and API
> commonality between them.
> >
> > One important web services component that might leverage OpenSAML is
> > WS-Security (http://www.oasis-open.org/committees/wss/). There is also a
> > JSR 155 - Web Services Security Assertions
> > (http://www.jcp.org/en/jsr/detail?id=155) in progress that will (in
> > their words) define a set of APIs, exchange patterns and implementation
> > to securely (integrity and confidentiality) exchange assertions between
> > web services based on OASIS SAML. We could implement this JSR over
> > OpenSAML, either instead of or in addition to the existing API.
> >
> > The ws.apache.org PMC expressed a great deal of interest in the work in
> > order to ramp up their activities quickly, and appears to be eager to
> > contribute to the success of the subproject.
> >
> > (0.1) criteria
> >
> > Meritocracy: Design decisions have been made in consultation with the
> > Shibboleth development team. WS-Sec or other links would be new code
> > subject to open discussion as to approach and implication.
> >
> > Community: Aside from Shibboleth, a growing community of developers,
> > mostly from higher ed, have been playing with the code in their
> > projects. WS-Sec functionality might expand this interest.
> >
> > Core Developers: Primary author is Scott Cantor, with assistance from
> > the Shibboleth development team, and a few other contributions, some
> > from Apache contributors.
> >
> > Alignment: Uses Xerces and Xalan (J and C), xml-security, generally
> > looks to Apache projects before turning elsewhere, due to compatibility
> > of licensing terms and code quality and support.
> >
> > Scope: SAML and functionality to simplify the use of SAML in areas of
> > interest.
> >
> > (0.2) warning signs
> >
> > Orphaned products: Shibboleth has some momentum, and sundry research
> > projects exist that have looked at OpenSAML as a possible starting
> > point.
> >
> > Inexperience: The primary author has been coding the system for about 14
> > months, and has 5+ years experience on web security software, primarily
> > in C and C++. Most of that code has been made publically available and
> > has been shared explicitly with other institutions. Other Shibboleth
> > developers have contributed Unix systems programming, project
> > organization, and Java experience to the project, and they have open
> > source experience as well.
> >
> > Homogeneous Developers: Primarily one developer to this point, though
> > suggestions from other developers have influenced design. Project
> > expected to support layered functionality contributed by other
> > interested parties once core API stablity is reached. IRC has been used
> > extensively to discuss issues.
> >
> > Reliance on Salaried Developers: Shibboleth is funded by Internet2 at
> > the present time, and most of the development has been contract work,
> > but the entire source base has been open source from the beginning.
> >
> > No ties to other Apache Products: Extensive reliance on XML and Jakarta
> > projects, should make use of and serve the forthcoming WS projects.
> >
> > Fascination with Apache Brand: Would like to foster interest in and use
> > of SAML, attract a stable of developers, extend work into web services,
> > possibly explore implications of SAML and Shibboleth models for SSO and
> > identity federation within other Apache projects.
> >
> > (1) scope of the subproject
> >
> > The purpose of this subproject is to create and maintain an
> > implementation of the SAML standard, as defined by the OASIS SSTC, via
> > libraries that support the messages, bindings, and profiles in the
> > standard. This might eventually include reference implementations of
> > SAML authorities for testing or development use (or more if there's
> > interest). This subproject might include an implementation of the
> > JSR-155 yet-to-be-published API for SAML in Java.
> >
> > Work in the web services space, such as the WS-Security work that is
> > emerging from OASIS, could take place either within the scope of a more
> > broadly named project that includes and subsumes OpenSAML, or could be a
> > dependent subproject at ws.apache.org. This would include JAX-RPC and
> > Apache Axis specific WS-Security handlers and code to enable quick
> > adoption of SAML and WS-Security within the Apache project community.
> >
> > (2) identify the initial source from which the subproject is to be
> > populated
> >
> > http://www.opensaml.org
> >
> > (3) identify the ASF resources to be created
> >
> > (3.1) mailing list(s)
> >
> > opensaml-user
> > opensaml-dev
> >
> >
> > (3.2) CVS repositories
> >
> > ws-opensaml (currently there is a cvs at cvs.internet2.edu)
> >
> > (3.3) Bugzilla
> >
> > (currently, there is a bugzilla at bugzilla.internet2.edu)
> >
> > (4) identify the initial set of committers
> >
> > Scott Cantor (cantor.2@osu.edu)
> >
> > Walter Hoehn (wassa@columbia.edu)
> >
> > Derek Atkins (warlord@mit.edu)
> >
> > Christian Geuer-Pollmann (geuer-pollmann@nue.et-inf.uni-siegen.de)
> >
> > Mark Wilcox (mark.wilcox@webct.com)
> >
> > (5) identify apache sponsoring individual
> >
> > Davanum Srinivas (dims@yahoo.com)
> >
> > (6) open issues for discussion
> >
> > Is OpenSAML a stand-alone subproject, or should it expand to include
> > WS-Security work?
> >
> > Are there IPR-related concerns with SAML (patents held by RSA but
> > offered royalty free), or especially with WS-Security and its family of
> > specifications, most of which are not yet standards?
> >
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


=====
Davanum Srinivas - http://xml.apache.org/~dims/

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Mime
View raw message