Announcements
Charter
The purpose of the Security JC is to coordinate the technical
activities of multiple security related TCs. The SJC is
advisory only, and has no deliverables. A TC shall have no
obligation to abide by any decision arrived at in the Security
JC. The business of the Security JC shall be imparted to a
member TC through reports from the chair of its liaison subcommittee.
Such reports shall have the same force and shall be made,
received, and acted upon in the same manner as reports from
any other subcommittee of the TC.[1]
The business of the Security JC will be:
To promote the use of consistent terms
Through consultation with, and the participation of member
TC's, to encourage new and developing TC's to use consistent
security terms and definitions in specification documentation.
To promote re-use
To provide the definition and identification of re-usable
security related specification elements. Security related
specification elements are defined as (but are not limited
to) object models, use cases, extensible XML elements, cryptographic
processes and deployment profiles.
To champion an OASIS security standards model
To champion the creation of a reference model that shows
how OASIS security TC specifications are inter-related. This
reference model shall define how OASIS security related specifications
"fit together" and relate to other security relevant
works at W3C, IETF, WS-I, X.509, ISO, X9 etc.
To provide consistent PR
To provide a single point of contact for addressing security
related enquiries at OASIS and in doing so to help organize
and coordinate security related comment and PR from OASIS.
To promote mutuality, operational independence & ethics
The SJC will foster and maintain respect among OASIS security
TCs and for them in the security community at large. The SJC
will maintain a vendor neutral and vendor agnostic view in
its support for diverse security technologies.
The SJC will promote public safeguards and believes that
security technologies should be used solely for legal, ethical,
and nondiscriminatory purposes. The joint committee is committed
to the highest standards of systems integrity and data security
in order to deter identity theft, protect personal privacy,
and ensure equal rights in all security applications.
[1] This language is derived from the OASIS
TECHNICAL COMMITTEE PROCESS Section 1, Clause (o). The text
is reproduced here to set context for this charter. Where
there may be substantive differences, the OASIS TECHNICAL
COMMITTEE PROCESS document is definitive and will govern.
Membership
The SJC membership is currently restricted to designated
liaison representatives from OASIS security related TC's.
The following OASIS Technical Committees are participating
in this JC:
- OASIS Access Control (XACML) TC
- OASIS Common Biometric Format (XCBF) TC
- OASIS Provisioning Services TC
- OASIS Rights Language TC
- OASIS Security Services (SAML) TC
The following OASIS members are currently representing these
TC's as members of the SJC:
- Carlisle Adams, Entrust, carlisle.adams@entrust.com
- Phil Griffin, Griffin Consulting, phil.griffin@asn-1.com
- Jeff Hodges, Sun, Jeff.Hodges@sun.com
- Hal Lockhart, Entegrity, hal.lockhart@entegrity.com
- Joe Pato, HP, joe_pato@hp.com
- Hari Reddy, ContentGuard, hari.reddy@contentguard.com
- Darran Rolls, Waveset, Darran.Rolls@waveset.com
- Monica Martin, Certivo, mmartin@certivo.net
Official committee responsibilities will be shared between
members. Specifically the role of chair will be rotated on
a schedule to be defined during the first few meetings.
Mailing Lists
The SJC has both private
and public
email lists. The private lists are for the use of JC and other
OASIS members only. The public list is for the use of the
public to make comments on the work of the TC. For all lists
you must be a subscriber in order to post a message to the
list. In order to subscribe to or unsubscribe from any list
go to http://lists.oasis-open.org/ob/adm.pl,
enter your email address, then select which lists you want
to subscribe to or unsubscribe from. The following are the
email lists for this TC:
At the first meeting of the SJC attending members voted unanimously
to allow other OASIS members (not voting members of the SJC)
to subscribe and post to the private mailing list.
Private SJC List: security-jc@lists.oasis-open.org
Public Comment List: (to be posted)
In keeping with OASIS' policy of open discussions, archives
of this JC's lists are viewable by the public at http://lists.oasis-open.org/archives/security-JC/
Schedule and Minutes
The SJC will hold a bi-weekly teleconference calls. The following
calls have been scheduled so far:
- Thursday October 3rd @ 12noon.
Conference call details will be posted to the list with the
agenda before each meeting. In outline, the following vendors
are sponsoring the above scheduled calls
- October 3rd - Waveset Technologies
Meeting |
Minutes |
Agenda |
Status |
Thursday
September 19th - 12:00 noon EDT |
Minutes |
Agenda |
Draft |
Thursday
August 22nd - 12:00 noon EDT |
Minutes |
Agenda |
Approved |
Thursday
August 8th 2002 - 12:00 noon EDT |
Minutes |
Agenda |
Approved |
Thursday
July 25th 2002 - 12:00 noon EDT |
Minutes |
Agenda |
Approved |
Wednesday June
26th 2002 - 12:00 noon EDT |
Minutes |
Agenda |
Approved |
Thursday June
13th 2002 - 12:00 noon GMT -5 |
Minutes |
Agenda |
Approved |
Press
Events
Date |
Event |
8/26/2002 |
OASIS & the W3C are co-sponsoring a security seminar
as part of XML
Web Services One in Boston August 26-30th 2002
as follows:
For Web services to emerge beyond the brochure, customers
will need to see an open architectural model that
works - and that includes a standards-based security
framework. Standards organizations provide the open,
vendor-neutral environment necessary to resolve critical,
often sensitive issues related to security. The Forum
on Security Standards for Web Services is designed
to provide an overview of the Web foundation work
currently being accomplished at W3C, including XML-SIG,
XKMS, Xenc, its model for Web Services Architecture
and the security segment; and the set of security-related
technologies at OASIS, including SAML, WS-Security,
and standards for access control, provisioning, biometrics
and digital rights. Attendees will gain greater understanding
of the relationship between these specifications and
receive insights on future work, connects, disconnects,
overlap and synchronicity |
This OASIS SJC web page is maintained
by Darran Rolls |