You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Berin Lautenbach <be...@wingsofhermes.org> on 2006/06/21 13:28:58 UTC
XML-Security TLP -> Santuario
Board peoples,
Another TLP proposal from the XML project - but with a slight difference.
We are proposing to create a general security software project that has
the xml-security project as a core to build from.
As I mentioned in a previous email - this is not about creating another
super-project (been through that once :>) - it's about having a project
to foster and provide a focal point for security related software within
the foundation. From our XML experiences we have become quite good at
spinning off "sub projects" - we can use that experience to gauge when
promotion is necessary to defend against inadequate oversite.
(Asssuming it is necessary - I'm not really seeing this as a "project
factory".)
The proposal has been put to the vote both within the xml-security group
and within the XML PMC. (History forwarded as part of this email.)
Something to discuss in the inaugural meeting of the new board!
Cheers,
Berin
WHEREAS, the Board of Directors deems it to be in the best
interests of the Foundation and consistent with the
Foundation's purpose to establish a Project Management
Committee charged with the creation and maintenance of
open-source software related to security technologies,
for distribution at no charge to the public.
NOW, THEREFORE, BE IT RESOLVED, that a Project Management
Committee (PMC), to be known as the "Apache Santuario
PMC", be and hereby is established pursuant to Bylaws of the
Foundation; and be it further
RESOLVED, that the Apache Santuario PMC be and hereby is
responsible for the creation and maintenance of software
related to security technologies, based on software licensed
to the Foundation; and be it further
RESOLVED, that the office of "Vice President, Apache Santuario"
be and hereby is created, the person holding such
office to serve at the direction of the Board of Directors as
the chair of the Apache Santuario PMC, and to have primary
responsibility for management of the projects within the
scope of responsibility of the Apache Santuario PMC; and be it
further
RESOLVED, that the persons listed immediately below be and
hereby are appointed to serve as the initial members of the
Apache Santuario PMC:
Axl Mattheus <am...@apache.org>
Berin Lautenbach <bl...@apache.org>
Davanum Srinivas <di...@apache.org>
Raul Benito <ra...@apache.org>
Sean Mullan <mu...@apache.org>
Werner Dittman <we...@apache.org>
NOW, THEREFORE, BE IT FURTHER RESOLVED, that Berin Lautenbach
<bl...@apache.org> is appointed to the office of Vice President,
Apache Santuario, to serve in accordance with and subject
to the direction of the Board of Directors and the Bylaws of
the Foundation until death, resignation, retirement, removal or
disqualification, or until a successor is appointed; and be it
further
RESOLVED, that the initial Apache Santuario PMC be and
hereby is tasked with the creation of a set of bylaws intended to
encourage open development and increased participation in the
Apache Santuario Project; and be it further
RESOLVED, that the initial Apache Santuario PMC be and
hereby is tasked with the migration and rationalization of the
Apache XML PMC, XML Security subproject; and be it further
RESOLVED, that all responsibility pertaining to the Apache XML,
XML Security sub-project and encumbered upon the Apache XML PMC
are hereafter discharged.
-------- Original Message --------
Subject: Re: VOTE: XML-Security TLP -> Santuario
Date: Tue, 20 Jun 2006 08:21:48 +1000
From: Berin Lautenbach <be...@wingsofhermes.org>
Reply-To: pmc@xml.apache.org
To: pmc@xml.apache.org
References: <44...@wingsofhermes.org>
<44...@wingsofhermes.org>
Calling it.
8 +1s (including me) and no dissenting votes.
I will fix the "resolution" and send to the board for the meeting next week.
Thanks all!
Cheers,
Berin
Berin Lautenbach wrote:
> Hi all - I'm going to call this in another 24 hours and put the
> resoluition (amended after Shane's very kind proof reading :>) to the board.
>
> Cheers,
> Berin
>
> Berin Lautenbach wrote:
>
>
>>Peoples,
>>
>>The xml-security project has voted to raise to a TLP named Apache
>>Santuario (vote attached) and to broaden their scope to security
>>software in general. The vote is attached below.
>>
>>This is something we have been looking at doing for a while. Now that
>>xml-security has voted, I need the approval of the XML-PMC. So here is
>>the request:
>>
>>Please vote for/against the promotion of the xml-security project to TLP
>>as a security software project, with scope described in the attached
>>proposed board resolution.
>>
>>+1 from me!
>>
>>Cheers,
>> Berin
>>
>>-------- Original Message --------
>>Subject: Re: VOTE: TLP Resolution
>>Date: Sun, 11 Jun 2006 08:13:42 +1000
>>From: Berin Lautenbach <be...@wingsofhermes.org>
>>Reply-To: security-dev@xml.apache.org
>>To: security-dev@xml.apache.org
>>References: <44...@wingsofhermes.org>
>>
>>OK Calling it.
>>
>>Following people voted:
>>
>>Dims, Berin, Werner, Raul, Sean, Ceki, Steve
>>
>>7 x +1 for TLP. (2 non-binding)
>>7 x +1 for BL as chair (2 non-binding)
>>6 x +1 for Santuario (2 non-binding) and 1 for Raksha.
>>
>>So I will take to the XML PMC and then to then board with the TLP
>>project name of Santuario and the PMC as:
>>
>>Dims
>>Werner
>>Raul
>>Sean
>>Berin
>>
>>Cheers,
>> Berin
>>
>>Berin Lautenbach wrote:
>>
>>
>>
>>>All,
>>>
>>>I'm going to make this happen by hook or by crook.
>>>
>>>I've floated the idea on board@ and got no objections, so lets make it
>>>formal.
>>>
>>>All committers need to cast a vote on the following.
>>>
>>>1) Support for going to TLP as a broad Security project (+1 or -1)
>>>2) The name of the project. See list of proposed names below.
>>>3) The chair. At the moment the only volunteer is myself, so you can
>>>vote +1/-1 to that or you can propose other names :>.
>>>
>>>I've pasted the board proposal at the end of this email.
>>>
>>>I've included a list of current committers on JuiCE (is this OK?) and
>>>XML-Security in the PMC list. To make sure the list is valid, I will be
>>>using this vote to confirm people are interested in being in the PMC.
>>>
>>>IF YOU DO NOT VOTE I WILL ASSUME THAT YOU ARE NOT INTERESTED ON BEING ON
>>>THE PMC! (Sorry for shouting :>.)
>>>
>>>Proposed Names (feel free to add if you have strong feelings) :
>>>
>>>- Raksha
>>>- Security Software
>>>- Santuario
>>>
>>>Cheers,
>>> Berin
>>>
>>>
>>>
>>>WHEREAS, the Board of Directors deems it to be in the best
>>>interests of the Foundation and consistent with the
>>>Foundation's purpose to establish a Project Management
>>>Committee charged with the creation and maintenance of
>>>open-source software related to security technologies,
>>>for distribution at no charge to the public.
>>>
>>>NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>Committee (PMC), to be known as the "Apache <XX INSERT NAME XX>
>>>PMC", be and hereby is established pursuant to Bylaws of the
>>>Foundation; and be it further
>>>
>>>RESOLVED, that the Apache <XXX INSERT NAME XX> PMC be and hereby is
>>>responsible for the creation and maintenance of software
>>>related to creation and maintenance of open-source software
>>>related to XML security technologies based on software
>>>licensed to the Foundation; and be it further
>>>
>>>RESOLVED, that the office of "Vice President, Apache <XX INSERT
>>>NAME XX>" be and hereby is created, the person holding such
>>>office to serve at the direction of the Board of Directors as
>>>the chair of the Apache <XX INSERT NAME XX> PMC, and to have primary
>>>responsibility for management of the projects within the
>>>scope of responsibility of the Apache <XX INSERT NAME XX> PMC; and be it
>>>further
>>>
>>>RESOLVED, that the persons listed immediately below be and
>>>hereby are appointed to serve as the initial members of the
>>>Apache <XX INSERT NAME XX> PMC:
>>>
>>>Erwin van der Koogh <vd...@apache.org>
>>>Axl Mattheus <am...@apache.org>
>>>Berin Lautenbach <bl...@apache.org>
>>>Vishal Mahajan <vi...@apache.org>
>>>Davanum Srinivas <di...@apache.org>
>>>Raul Benito <ra...@apache.org>
>>>Milan Tomic <mi...@apache.org>
>>>Sean Mullan <mu...@apache.org>
>>>Karel Wouters <kw...@apache.org>
>>>Noah Levitt <nl...@apache.org>
>>>Walter Hoehn <wa...@apache.org>
>>>Werner Dittman <we...@apache.org>
>>>
>>>NOW, THEREFORE, BE IT FURTHER RESOLVED, that <XX INSERT CHAIR XX>
>>><??...@apache.org> appointed to the office of Vice President,
>>>Apache <XX INSERT NAME XX>, to serve in accordance with and subject
>>>to the direction of the Board of Directors and the Bylaws of
>>>the Foundation until death, resignation, retirement, removal or
>>>disqualification, or until a successor is appointed; and be it
>>>further
>>>
>>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
>>>hereby is tasked with the creation of a set of bylaws intended to
>>>encourage open development and increased participation in the
>>>Apache <XX INSERT NAME XX> Project; and be it further
>>>
>>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
>>>hereby is tasked with the migration and rationalization of the
>>>Apache XML PMC XML Security subproject; and be it further
>>>
>>>RESOLVED, that all responsibility pertaining to the XML XML
>>>Security sub-project and encumbered upon the Apache XML PMC
>>>are hereafter discharged.
>>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
>>For additional commands, e-mail: pmc-help@xml.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
> For additional commands, e-mail: pmc-help@xml.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
For additional commands, e-mail: pmc-help@xml.apache.org
Re: XML-Security TLP -> Santuario
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Sanjiva,
>From the perspective of WS and the ws-* projects you mention, no change
at all, unless you want to link back and reference to the activities in
Santuario.
On the other hand, one thing the security project would want to do would
be to create a single point where people can come to to get a picture of
all the various security software activities withiin the ASF. So I
would envisage a set of pointers linking to the various pages within the
ASF web related to the activities such as you mention below.
And as far as I'm concerend, the more input the WS groups want to have
in how we build Santuario the better - hint hint hint :>.
Cheers,
Berin
Sanjiva Weerawarana wrote:
> Berin, there security stuff happening in WS land as well: we're
> implementing WS-Security, WS-Secure Conversation, WS-Trust and
> WS-Security Policy .. in both Java and C (and thru the latter for PHP
> etc.). Once those are done then we can do InfoCard and other stuff
> that's coming down the pipe (like WS-Federation).
>
> What's the right way to relate those to the new security TLP?
>
> Sanjiva.
>
> On Wed, 2006-06-21 at 21:28 +1000, Berin Lautenbach wrote:
>
>>Board peoples,
>>
>>Another TLP proposal from the XML project - but with a slight difference.
>>
>>We are proposing to create a general security software project that has
>>the xml-security project as a core to build from.
>>
>>As I mentioned in a previous email - this is not about creating another
>>super-project (been through that once :>) - it's about having a project
>>to foster and provide a focal point for security related software within
>>the foundation. From our XML experiences we have become quite good at
>>spinning off "sub projects" - we can use that experience to gauge when
>>promotion is necessary to defend against inadequate oversite.
>>(Asssuming it is necessary - I'm not really seeing this as a "project
>>factory".)
>>
>>The proposal has been put to the vote both within the xml-security group
>>and within the XML PMC. (History forwarded as part of this email.)
>>
>>Something to discuss in the inaugural meeting of the new board!
>>
>>Cheers,
>> Berin
>>
>>
>>WHEREAS, the Board of Directors deems it to be in the best
>>interests of the Foundation and consistent with the
>>Foundation's purpose to establish a Project Management
>>Committee charged with the creation and maintenance of
>>open-source software related to security technologies,
>>for distribution at no charge to the public.
>>
>>NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>Committee (PMC), to be known as the "Apache Santuario
>>PMC", be and hereby is established pursuant to Bylaws of the
>>Foundation; and be it further
>>
>>RESOLVED, that the Apache Santuario PMC be and hereby is
>>responsible for the creation and maintenance of software
>>related to security technologies, based on software licensed
>>to the Foundation; and be it further
>>
>>RESOLVED, that the office of "Vice President, Apache Santuario"
>>be and hereby is created, the person holding such
>>office to serve at the direction of the Board of Directors as
>>the chair of the Apache Santuario PMC, and to have primary
>>responsibility for management of the projects within the
>>scope of responsibility of the Apache Santuario PMC; and be it
>>further
>>
>>RESOLVED, that the persons listed immediately below be and
>>hereby are appointed to serve as the initial members of the
>>Apache Santuario PMC:
>>
>>Axl Mattheus <am...@apache.org>
>>Berin Lautenbach <bl...@apache.org>
>>Davanum Srinivas <di...@apache.org>
>>Raul Benito <ra...@apache.org>
>>Sean Mullan <mu...@apache.org>
>>Werner Dittman <we...@apache.org>
>>
>>NOW, THEREFORE, BE IT FURTHER RESOLVED, that Berin Lautenbach
>><bl...@apache.org> is appointed to the office of Vice President,
>>Apache Santuario, to serve in accordance with and subject
>>to the direction of the Board of Directors and the Bylaws of
>>the Foundation until death, resignation, retirement, removal or
>>disqualification, or until a successor is appointed; and be it
>>further
>>
>>RESOLVED, that the initial Apache Santuario PMC be and
>>hereby is tasked with the creation of a set of bylaws intended to
>>encourage open development and increased participation in the
>>Apache Santuario Project; and be it further
>>
>>RESOLVED, that the initial Apache Santuario PMC be and
>>hereby is tasked with the migration and rationalization of the
>>Apache XML PMC, XML Security subproject; and be it further
>>
>>RESOLVED, that all responsibility pertaining to the Apache XML,
>>XML Security sub-project and encumbered upon the Apache XML PMC
>>are hereafter discharged.
>>
>>
>>
>>-------- Original Message --------
>>Subject: Re: VOTE: XML-Security TLP -> Santuario
>>Date: Tue, 20 Jun 2006 08:21:48 +1000
>>From: Berin Lautenbach <be...@wingsofhermes.org>
>>Reply-To: pmc@xml.apache.org
>>To: pmc@xml.apache.org
>>References: <44...@wingsofhermes.org>
>><44...@wingsofhermes.org>
>>
>>Calling it.
>>
>>8 +1s (including me) and no dissenting votes.
>>
>>I will fix the "resolution" and send to the board for the meeting next week.
>>
>>Thanks all!
>>
>>Cheers,
>> Berin
>>
>>Berin Lautenbach wrote:
>>
>>
>>>Hi all - I'm going to call this in another 24 hours and put the
>>>resoluition (amended after Shane's very kind proof reading :>) to the board.
>>>
>>>Cheers,
>>> Berin
>>>
>>>Berin Lautenbach wrote:
>>>
>>>
>>>
>>>>Peoples,
>>>>
>>>>The xml-security project has voted to raise to a TLP named Apache
>>>>Santuario (vote attached) and to broaden their scope to security
>>>>software in general. The vote is attached below.
>>>>
>>>>This is something we have been looking at doing for a while. Now that
>>>>xml-security has voted, I need the approval of the XML-PMC. So here is
>>>>the request:
>>>>
>>>>Please vote for/against the promotion of the xml-security project to TLP
>>>>as a security software project, with scope described in the attached
>>>>proposed board resolution.
>>>>
>>>>+1 from me!
>>>>
>>>>Cheers,
>>>> Berin
>>>>
>>>>-------- Original Message --------
>>>>Subject: Re: VOTE: TLP Resolution
>>>>Date: Sun, 11 Jun 2006 08:13:42 +1000
>>>>From: Berin Lautenbach <be...@wingsofhermes.org>
>>>>Reply-To: security-dev@xml.apache.org
>>>>To: security-dev@xml.apache.org
>>>>References: <44...@wingsofhermes.org>
>>>>
>>>>OK Calling it.
>>>>
>>>>Following people voted:
>>>>
>>>>Dims, Berin, Werner, Raul, Sean, Ceki, Steve
>>>>
>>>>7 x +1 for TLP. (2 non-binding)
>>>>7 x +1 for BL as chair (2 non-binding)
>>>>6 x +1 for Santuario (2 non-binding) and 1 for Raksha.
>>>>
>>>>So I will take to the XML PMC and then to then board with the TLP
>>>>project name of Santuario and the PMC as:
>>>>
>>>>Dims
>>>>Werner
>>>>Raul
>>>>Sean
>>>>Berin
>>>>
>>>>Cheers,
>>>> Berin
>>>>
>>>>Berin Lautenbach wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>All,
>>>>>
>>>>>I'm going to make this happen by hook or by crook.
>>>>>
>>>>>I've floated the idea on board@ and got no objections, so lets make it
>>>>>formal.
>>>>>
>>>>>All committers need to cast a vote on the following.
>>>>>
>>>>>1) Support for going to TLP as a broad Security project (+1 or -1)
>>>>>2) The name of the project. See list of proposed names below.
>>>>>3) The chair. At the moment the only volunteer is myself, so you can
>>>>>vote +1/-1 to that or you can propose other names :>.
>>>>>
>>>>>I've pasted the board proposal at the end of this email.
>>>>>
>>>>>I've included a list of current committers on JuiCE (is this OK?) and
>>>>>XML-Security in the PMC list. To make sure the list is valid, I will be
>>>>>using this vote to confirm people are interested in being in the PMC.
>>>>>
>>>>>IF YOU DO NOT VOTE I WILL ASSUME THAT YOU ARE NOT INTERESTED ON BEING ON
>>>>>THE PMC! (Sorry for shouting :>.)
>>>>>
>>>>>Proposed Names (feel free to add if you have strong feelings) :
>>>>>
>>>>>- Raksha
>>>>>- Security Software
>>>>>- Santuario
>>>>>
>>>>>Cheers,
>>>>> Berin
>>>>>
>>>>>
>>>>>
>>>>>WHEREAS, the Board of Directors deems it to be in the best
>>>>>interests of the Foundation and consistent with the
>>>>>Foundation's purpose to establish a Project Management
>>>>>Committee charged with the creation and maintenance of
>>>>>open-source software related to security technologies,
>>>>>for distribution at no charge to the public.
>>>>>
>>>>>NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>Committee (PMC), to be known as the "Apache <XX INSERT NAME XX>
>>>>>PMC", be and hereby is established pursuant to Bylaws of the
>>>>>Foundation; and be it further
>>>>>
>>>>>RESOLVED, that the Apache <XXX INSERT NAME XX> PMC be and hereby is
>>>>>responsible for the creation and maintenance of software
>>>>>related to creation and maintenance of open-source software
>>>>>related to XML security technologies based on software
>>>>>licensed to the Foundation; and be it further
>>>>>
>>>>>RESOLVED, that the office of "Vice President, Apache <XX INSERT
>>>>>NAME XX>" be and hereby is created, the person holding such
>>>>>office to serve at the direction of the Board of Directors as
>>>>>the chair of the Apache <XX INSERT NAME XX> PMC, and to have primary
>>>>>responsibility for management of the projects within the
>>>>>scope of responsibility of the Apache <XX INSERT NAME XX> PMC; and be it
>>>>>further
>>>>>
>>>>>RESOLVED, that the persons listed immediately below be and
>>>>>hereby are appointed to serve as the initial members of the
>>>>>Apache <XX INSERT NAME XX> PMC:
>>>>>
>>>>>Erwin van der Koogh <vd...@apache.org>
>>>>>Axl Mattheus <am...@apache.org>
>>>>>Berin Lautenbach <bl...@apache.org>
>>>>>Vishal Mahajan <vi...@apache.org>
>>>>>Davanum Srinivas <di...@apache.org>
>>>>>Raul Benito <ra...@apache.org>
>>>>>Milan Tomic <mi...@apache.org>
>>>>>Sean Mullan <mu...@apache.org>
>>>>>Karel Wouters <kw...@apache.org>
>>>>>Noah Levitt <nl...@apache.org>
>>>>>Walter Hoehn <wa...@apache.org>
>>>>>Werner Dittman <we...@apache.org>
>>>>>
>>>>>NOW, THEREFORE, BE IT FURTHER RESOLVED, that <XX INSERT CHAIR XX>
>>>>><??...@apache.org> appointed to the office of Vice President,
>>>>>Apache <XX INSERT NAME XX>, to serve in accordance with and subject
>>>>>to the direction of the Board of Directors and the Bylaws of
>>>>>the Foundation until death, resignation, retirement, removal or
>>>>>disqualification, or until a successor is appointed; and be it
>>>>>further
>>>>>
>>>>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
>>>>>hereby is tasked with the creation of a set of bylaws intended to
>>>>>encourage open development and increased participation in the
>>>>>Apache <XX INSERT NAME XX> Project; and be it further
>>>>>
>>>>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
>>>>>hereby is tasked with the migration and rationalization of the
>>>>>Apache XML PMC XML Security subproject; and be it further
>>>>>
>>>>>RESOLVED, that all responsibility pertaining to the XML XML
>>>>>Security sub-project and encumbered upon the Apache XML PMC
>>>>>are hereafter discharged.
>>>>>
>>>>
>>>>
>>>>
>>>>---------------------------------------------------------------------
>>>>To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
>>>>For additional commands, e-mail: pmc-help@xml.apache.org
>>>>
>>>>
>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
>>>For additional commands, e-mail: pmc-help@xml.apache.org
>>>
>>>
>>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
>>For additional commands, e-mail: pmc-help@xml.apache.org
>>
>>
>>
>
>
>
>
Re: XML-Security TLP -> Santuario
Posted by Sanjiva Weerawarana <sa...@opensource.lk>.
Berin, there security stuff happening in WS land as well: we're
implementing WS-Security, WS-Secure Conversation, WS-Trust and
WS-Security Policy .. in both Java and C (and thru the latter for PHP
etc.). Once those are done then we can do InfoCard and other stuff
that's coming down the pipe (like WS-Federation).
What's the right way to relate those to the new security TLP?
Sanjiva.
On Wed, 2006-06-21 at 21:28 +1000, Berin Lautenbach wrote:
> Board peoples,
>
> Another TLP proposal from the XML project - but with a slight difference.
>
> We are proposing to create a general security software project that has
> the xml-security project as a core to build from.
>
> As I mentioned in a previous email - this is not about creating another
> super-project (been through that once :>) - it's about having a project
> to foster and provide a focal point for security related software within
> the foundation. From our XML experiences we have become quite good at
> spinning off "sub projects" - we can use that experience to gauge when
> promotion is necessary to defend against inadequate oversite.
> (Asssuming it is necessary - I'm not really seeing this as a "project
> factory".)
>
> The proposal has been put to the vote both within the xml-security group
> and within the XML PMC. (History forwarded as part of this email.)
>
> Something to discuss in the inaugural meeting of the new board!
>
> Cheers,
> Berin
>
>
> WHEREAS, the Board of Directors deems it to be in the best
> interests of the Foundation and consistent with the
> Foundation's purpose to establish a Project Management
> Committee charged with the creation and maintenance of
> open-source software related to security technologies,
> for distribution at no charge to the public.
>
> NOW, THEREFORE, BE IT RESOLVED, that a Project Management
> Committee (PMC), to be known as the "Apache Santuario
> PMC", be and hereby is established pursuant to Bylaws of the
> Foundation; and be it further
>
> RESOLVED, that the Apache Santuario PMC be and hereby is
> responsible for the creation and maintenance of software
> related to security technologies, based on software licensed
> to the Foundation; and be it further
>
> RESOLVED, that the office of "Vice President, Apache Santuario"
> be and hereby is created, the person holding such
> office to serve at the direction of the Board of Directors as
> the chair of the Apache Santuario PMC, and to have primary
> responsibility for management of the projects within the
> scope of responsibility of the Apache Santuario PMC; and be it
> further
>
> RESOLVED, that the persons listed immediately below be and
> hereby are appointed to serve as the initial members of the
> Apache Santuario PMC:
>
> Axl Mattheus <am...@apache.org>
> Berin Lautenbach <bl...@apache.org>
> Davanum Srinivas <di...@apache.org>
> Raul Benito <ra...@apache.org>
> Sean Mullan <mu...@apache.org>
> Werner Dittman <we...@apache.org>
>
> NOW, THEREFORE, BE IT FURTHER RESOLVED, that Berin Lautenbach
> <bl...@apache.org> is appointed to the office of Vice President,
> Apache Santuario, to serve in accordance with and subject
> to the direction of the Board of Directors and the Bylaws of
> the Foundation until death, resignation, retirement, removal or
> disqualification, or until a successor is appointed; and be it
> further
>
> RESOLVED, that the initial Apache Santuario PMC be and
> hereby is tasked with the creation of a set of bylaws intended to
> encourage open development and increased participation in the
> Apache Santuario Project; and be it further
>
> RESOLVED, that the initial Apache Santuario PMC be and
> hereby is tasked with the migration and rationalization of the
> Apache XML PMC, XML Security subproject; and be it further
>
> RESOLVED, that all responsibility pertaining to the Apache XML,
> XML Security sub-project and encumbered upon the Apache XML PMC
> are hereafter discharged.
>
>
>
> -------- Original Message --------
> Subject: Re: VOTE: XML-Security TLP -> Santuario
> Date: Tue, 20 Jun 2006 08:21:48 +1000
> From: Berin Lautenbach <be...@wingsofhermes.org>
> Reply-To: pmc@xml.apache.org
> To: pmc@xml.apache.org
> References: <44...@wingsofhermes.org>
> <44...@wingsofhermes.org>
>
> Calling it.
>
> 8 +1s (including me) and no dissenting votes.
>
> I will fix the "resolution" and send to the board for the meeting next week.
>
> Thanks all!
>
> Cheers,
> Berin
>
> Berin Lautenbach wrote:
>
> > Hi all - I'm going to call this in another 24 hours and put the
> > resoluition (amended after Shane's very kind proof reading :>) to the board.
> >
> > Cheers,
> > Berin
> >
> > Berin Lautenbach wrote:
> >
> >
> >>Peoples,
> >>
> >>The xml-security project has voted to raise to a TLP named Apache
> >>Santuario (vote attached) and to broaden their scope to security
> >>software in general. The vote is attached below.
> >>
> >>This is something we have been looking at doing for a while. Now that
> >>xml-security has voted, I need the approval of the XML-PMC. So here is
> >>the request:
> >>
> >>Please vote for/against the promotion of the xml-security project to TLP
> >>as a security software project, with scope described in the attached
> >>proposed board resolution.
> >>
> >>+1 from me!
> >>
> >>Cheers,
> >> Berin
> >>
> >>-------- Original Message --------
> >>Subject: Re: VOTE: TLP Resolution
> >>Date: Sun, 11 Jun 2006 08:13:42 +1000
> >>From: Berin Lautenbach <be...@wingsofhermes.org>
> >>Reply-To: security-dev@xml.apache.org
> >>To: security-dev@xml.apache.org
> >>References: <44...@wingsofhermes.org>
> >>
> >>OK Calling it.
> >>
> >>Following people voted:
> >>
> >>Dims, Berin, Werner, Raul, Sean, Ceki, Steve
> >>
> >>7 x +1 for TLP. (2 non-binding)
> >>7 x +1 for BL as chair (2 non-binding)
> >>6 x +1 for Santuario (2 non-binding) and 1 for Raksha.
> >>
> >>So I will take to the XML PMC and then to then board with the TLP
> >>project name of Santuario and the PMC as:
> >>
> >>Dims
> >>Werner
> >>Raul
> >>Sean
> >>Berin
> >>
> >>Cheers,
> >> Berin
> >>
> >>Berin Lautenbach wrote:
> >>
> >>
> >>
> >>>All,
> >>>
> >>>I'm going to make this happen by hook or by crook.
> >>>
> >>>I've floated the idea on board@ and got no objections, so lets make it
> >>>formal.
> >>>
> >>>All committers need to cast a vote on the following.
> >>>
> >>>1) Support for going to TLP as a broad Security project (+1 or -1)
> >>>2) The name of the project. See list of proposed names below.
> >>>3) The chair. At the moment the only volunteer is myself, so you can
> >>>vote +1/-1 to that or you can propose other names :>.
> >>>
> >>>I've pasted the board proposal at the end of this email.
> >>>
> >>>I've included a list of current committers on JuiCE (is this OK?) and
> >>>XML-Security in the PMC list. To make sure the list is valid, I will be
> >>>using this vote to confirm people are interested in being in the PMC.
> >>>
> >>>IF YOU DO NOT VOTE I WILL ASSUME THAT YOU ARE NOT INTERESTED ON BEING ON
> >>>THE PMC! (Sorry for shouting :>.)
> >>>
> >>>Proposed Names (feel free to add if you have strong feelings) :
> >>>
> >>>- Raksha
> >>>- Security Software
> >>>- Santuario
> >>>
> >>>Cheers,
> >>> Berin
> >>>
> >>>
> >>>
> >>>WHEREAS, the Board of Directors deems it to be in the best
> >>>interests of the Foundation and consistent with the
> >>>Foundation's purpose to establish a Project Management
> >>>Committee charged with the creation and maintenance of
> >>>open-source software related to security technologies,
> >>>for distribution at no charge to the public.
> >>>
> >>>NOW, THEREFORE, BE IT RESOLVED, that a Project Management
> >>>Committee (PMC), to be known as the "Apache <XX INSERT NAME XX>
> >>>PMC", be and hereby is established pursuant to Bylaws of the
> >>>Foundation; and be it further
> >>>
> >>>RESOLVED, that the Apache <XXX INSERT NAME XX> PMC be and hereby is
> >>>responsible for the creation and maintenance of software
> >>>related to creation and maintenance of open-source software
> >>>related to XML security technologies based on software
> >>>licensed to the Foundation; and be it further
> >>>
> >>>RESOLVED, that the office of "Vice President, Apache <XX INSERT
> >>>NAME XX>" be and hereby is created, the person holding such
> >>>office to serve at the direction of the Board of Directors as
> >>>the chair of the Apache <XX INSERT NAME XX> PMC, and to have primary
> >>>responsibility for management of the projects within the
> >>>scope of responsibility of the Apache <XX INSERT NAME XX> PMC; and be it
> >>>further
> >>>
> >>>RESOLVED, that the persons listed immediately below be and
> >>>hereby are appointed to serve as the initial members of the
> >>>Apache <XX INSERT NAME XX> PMC:
> >>>
> >>>Erwin van der Koogh <vd...@apache.org>
> >>>Axl Mattheus <am...@apache.org>
> >>>Berin Lautenbach <bl...@apache.org>
> >>>Vishal Mahajan <vi...@apache.org>
> >>>Davanum Srinivas <di...@apache.org>
> >>>Raul Benito <ra...@apache.org>
> >>>Milan Tomic <mi...@apache.org>
> >>>Sean Mullan <mu...@apache.org>
> >>>Karel Wouters <kw...@apache.org>
> >>>Noah Levitt <nl...@apache.org>
> >>>Walter Hoehn <wa...@apache.org>
> >>>Werner Dittman <we...@apache.org>
> >>>
> >>>NOW, THEREFORE, BE IT FURTHER RESOLVED, that <XX INSERT CHAIR XX>
> >>><??...@apache.org> appointed to the office of Vice President,
> >>>Apache <XX INSERT NAME XX>, to serve in accordance with and subject
> >>>to the direction of the Board of Directors and the Bylaws of
> >>>the Foundation until death, resignation, retirement, removal or
> >>>disqualification, or until a successor is appointed; and be it
> >>>further
> >>>
> >>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
> >>>hereby is tasked with the creation of a set of bylaws intended to
> >>>encourage open development and increased participation in the
> >>>Apache <XX INSERT NAME XX> Project; and be it further
> >>>
> >>>RESOLVED, that the initial Apache <XX INSERT NAME XX> PMC be and
> >>>hereby is tasked with the migration and rationalization of the
> >>>Apache XML PMC XML Security subproject; and be it further
> >>>
> >>>RESOLVED, that all responsibility pertaining to the XML XML
> >>>Security sub-project and encumbered upon the Apache XML PMC
> >>>are hereafter discharged.
> >>>
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
> >>For additional commands, e-mail: pmc-help@xml.apache.org
> >>
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
> > For additional commands, e-mail: pmc-help@xml.apache.org
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: pmc-unsubscribe@xml.apache.org
> For additional commands, e-mail: pmc-help@xml.apache.org
>
>
>
Re: XML-Security TLP -> Santuario
Posted by Davanum Srinivas <da...@gmail.com>.
Berin,
let's go with just xml-security...
-- dims
On 6/25/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> OK guys, quick poll - is anyone going to get upset if I put forwad two
> resolutions to the board, one as original which is preferred and one as
> just xml-security as the fallback?
>
> I should have realised that creating a broad project might get sticky -
> my apologies to all. I'm still going to push forward some kind of idea
> of a federation for security issues within the ASF however.
>
> Cheers,
> Berin
>
> Greg Stein wrote:
>
> > I'd suggest simply moving XML-Security to a TLP and not worry about it
> > needing to have a broader role. There is no problem with a "small"
> > TLP.
> >
> > I think any sort of "security federation" would be handled similarly
> > to the site-dev mailing list and its care/feeding of www.apache.org.
> > (and I might even suggest just putting the federation there, rather
> > than foo.apache.org)
> >
> > Cheers,
> > -g
> >
> > On 6/22/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> >
> >> Roy T. Fielding wrote:
> >>
> >> > It sounds like a decent idea for a federation, but a terrible idea
> >> > for a project. Projects need to be responsible for a product or they
> >> > just end up in the weeds. A federation of projects can simply maintain
> >> > a general mailing list and website.
> >>
> >> It would be responsible for code - the current xml-security stuff that
> >> sits within the XML project/federation. And it would look to start new
> >> things as well - with an absolute intent to move them to TLP when
> >> necessary (i.e. when it became clear the Santuario PMC did not have
> >> direct oversite).
> >>
> >> I know we are trying not to create umbrella projects - I'm trying to
> >> walk a middle ground to see if we can make something like this work with
> >> a community that fosters this area. It's a bit of a community
> >> experiment as well as a technical one.
> >>
> >> Cheers,
> >> Berin
> >>
> >>
> >
> >
>
--
Davanum Srinivas : http://people.apache.org/~dims/
Re: XML-Security TLP -> Santuario
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
OK guys, quick poll - is anyone going to get upset if I put forwad two
resolutions to the board, one as original which is preferred and one as
just xml-security as the fallback?
I should have realised that creating a broad project might get sticky -
my apologies to all. I'm still going to push forward some kind of idea
of a federation for security issues within the ASF however.
Cheers,
Berin
Greg Stein wrote:
> I'd suggest simply moving XML-Security to a TLP and not worry about it
> needing to have a broader role. There is no problem with a "small"
> TLP.
>
> I think any sort of "security federation" would be handled similarly
> to the site-dev mailing list and its care/feeding of www.apache.org.
> (and I might even suggest just putting the federation there, rather
> than foo.apache.org)
>
> Cheers,
> -g
>
> On 6/22/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
>
>> Roy T. Fielding wrote:
>>
>> > It sounds like a decent idea for a federation, but a terrible idea
>> > for a project. Projects need to be responsible for a product or they
>> > just end up in the weeds. A federation of projects can simply maintain
>> > a general mailing list and website.
>>
>> It would be responsible for code - the current xml-security stuff that
>> sits within the XML project/federation. And it would look to start new
>> things as well - with an absolute intent to move them to TLP when
>> necessary (i.e. when it became clear the Santuario PMC did not have
>> direct oversite).
>>
>> I know we are trying not to create umbrella projects - I'm trying to
>> walk a middle ground to see if we can make something like this work with
>> a community that fosters this area. It's a bit of a community
>> experiment as well as a technical one.
>>
>> Cheers,
>> Berin
>>
>>
>
>
Re: XML-Security TLP -> Santuario
Posted by Greg Stein <gs...@lyra.org>.
I'd suggest simply moving XML-Security to a TLP and not worry about it
needing to have a broader role. There is no problem with a "small"
TLP.
I think any sort of "security federation" would be handled similarly
to the site-dev mailing list and its care/feeding of www.apache.org.
(and I might even suggest just putting the federation there, rather
than foo.apache.org)
Cheers,
-g
On 6/22/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Roy T. Fielding wrote:
>
> > It sounds like a decent idea for a federation, but a terrible idea
> > for a project. Projects need to be responsible for a product or they
> > just end up in the weeds. A federation of projects can simply maintain
> > a general mailing list and website.
>
> It would be responsible for code - the current xml-security stuff that
> sits within the XML project/federation. And it would look to start new
> things as well - with an absolute intent to move them to TLP when
> necessary (i.e. when it became clear the Santuario PMC did not have
> direct oversite).
>
> I know we are trying not to create umbrella projects - I'm trying to
> walk a middle ground to see if we can make something like this work with
> a community that fosters this area. It's a bit of a community
> experiment as well as a technical one.
>
> Cheers,
> Berin
>
>
--
Greg Stein, http://www.lyra.org/
Re: XML-Security TLP -> Santuario
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Roy T. Fielding wrote:
<snip>
> Any given problem at Apache can be solved at least a dozen different
> ways, satisfying different sets of consumers, and reaching independent
> levels of perfections in the minds of their own designers. We should
> not fear internal competition.
>
> A federation is simply an umbrella project with no significant
> responsibilities of its own -- all of its projects report directly
> to the board and simply view the federation as a communal thing.
> I think XML and Jakarta should already fall into that category.
> Starting one is just like starting a project, except that the
> purpose is limited to community/commons like things and not actual
> products.
Hmmm - I hear what you are saying, and I don't disagree with the basic
thrust. It's why I've tried to be careful about how I position this.
However the issue I have is that I don't believe a Federation is ever
going to work in the ASF without the ability to do small products that
are not major projects in and of themselves, but things that will be
useful elsewhere. (Or is that what you meant by commons?) On a
personal level, I suspect I'm less focused on code than most people in
the trenches, but if I don't have something technical to focus on I'm
going to get disillusioned quickly.
So we want to create a project that can do components of code (e.g. the
xml-security libraries) but which has a broader focus of fostering
security software within the foundation.
I absolutely *don't* want to create a project that has control of every
bit of security software or to be telling people what should be used or
what should be started up. Thinking it through - that means the
resolution wording is actually wrong - I'm happy to change it to better
reflect that focus, but I don't want to throw away the ability to have
the code pieces in there.
Cheers,
Berin
Re: XML-Security TLP -> Santuario
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Jun 22, 2006, at 3:01 AM, Berin Lautenbach wrote:
> Roy T. Fielding wrote:
>
>> It sounds like a decent idea for a federation, but a terrible idea
>> for a project. Projects need to be responsible for a product or they
>> just end up in the weeds. A federation of projects can simply
>> maintain
>> a general mailing list and website.
>
> It would be responsible for code - the current xml-security stuff that
> sits within the XML project/federation. And it would look to start
> new
> things as well - with an absolute intent to move them to TLP when
> necessary (i.e. when it became clear the Santuario PMC did not have
> direct oversite).
>
> I know we are trying not to create umbrella projects - I'm trying to
> walk a middle ground to see if we can make something like this work
> with
> a community that fosters this area. It's a bit of a community
> experiment as well as a technical one.
There is no middle ground. I'll try to explain the problem.
When a project "owns" a category, such as security, the participants
think that they are responsible for all Apache products in that space.
Meanwhile, what they are actually working on is a fairly small project
that addresses the specific requirements of a given set of users, such
as xml-security. People don't try to make products that are applicable
to every possible consumer in a given category, and volunteers cannot
oversee projects in which they do not actually participate. What is
left is either a single project that rejects all new target audiences
or an umbrella project that creates an artificial barrier to oversight.
There is no way to broaden the perspective of a project -- people
simply don't wake up one day and discover a need to be aware of
everyone else's work in similar projects, and most people don't
have the bandwidth to do so anyway. That is why each project has
to be self-governed.
When someone else comes along and says an obvious thing like
"XML is inherently non-secure, I want to work on a security project
that demonstrates a better way of securing blah", the developers in this
so-called "security" project are likely to be offended and make it
socially impossible for that person to participate. Even if that
is not the case, the perception that it might be the case will cause
potential contributors to go elsewhere rather than express their
ideas for a new project.
The bureaucratic mentality of committees needs to be actively offset
by the board and the only real mechanism the board has to do that is
to make sure the committees don't own categories. Instead, a PMC
owns a particular product-line and decides for that product-line the
design trade-offs to fit its target audience. If someone else comes
along with a different audience in mind (but the same category), they
don't have to be compelled to merge with the existing project and we
don't have to abuse users with major incompatible changes -- we just
set up a new product line with its own set of developers. If the
two projects decide to merge later on, everyone wins. If not, nobody
loses.
Any given problem at Apache can be solved at least a dozen different
ways, satisfying different sets of consumers, and reaching independent
levels of perfections in the minds of their own designers. We should
not fear internal competition.
A federation is simply an umbrella project with no significant
responsibilities of its own -- all of its projects report directly
to the board and simply view the federation as a communal thing.
I think XML and Jakarta should already fall into that category.
Starting one is just like starting a project, except that the
purpose is limited to community/commons like things and not actual
products.
....Roy
Re: XML-Security TLP -> Santuario
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Roy T. Fielding wrote:
> It sounds like a decent idea for a federation, but a terrible idea
> for a project. Projects need to be responsible for a product or they
> just end up in the weeds. A federation of projects can simply maintain
> a general mailing list and website.
It would be responsible for code - the current xml-security stuff that
sits within the XML project/federation. And it would look to start new
things as well - with an absolute intent to move them to TLP when
necessary (i.e. when it became clear the Santuario PMC did not have
direct oversite).
I know we are trying not to create umbrella projects - I'm trying to
walk a middle ground to see if we can make something like this work with
a community that fosters this area. It's a bit of a community
experiment as well as a technical one.
Cheers,
Berin
Re: XML-Security TLP -> Santuario
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
It sounds like a decent idea for a federation, but a terrible idea
for a project. Projects need to be responsible for a product or they
just end up in the weeds. A federation of projects can simply maintain
a general mailing list and website.
....Roy