You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Berin Lautenbach <be...@wingsofhermes.org> on 2006/04/23 13:35:18 UTC
Re: TLP Resolution
Werner just stired the pot on this in another forum, so I thought I'd
come back to it again.
Name aside (although I kinda like Sanctuary or some variant thereof), I
could just update the charter at the end of this trail and remove XML
from the words "XML Security" - so we end up with just stuff about
security technologies. That's a simple way forward - we create software
relating to security.
I note also Raul's thought on lack of resources. My take on that is
that by promoting to TLP we are not immediately doing more - but we are
providing more visibility of what we are doing. That's probably the
best way to start getting a broader audience interested in what we are
doing.
Thoughts welcome.
Cheers,
Berin
Jesse Pelton wrote:
> Some random ideas to get the name game going, based on your indicated
> vision for the project: "SecureSoft," "Security Software," "Vault,"
> "Shield," "Armor," "Guard," "Sanctuary," ,"Citadel," "Surety," "Security
> Blanket" (or "Linus," with a nod to Charles Schulz' "Peanuts," but you'd
> want to get permission). With the possible exception of the last, none
> of these indulge the Apache penchant for obscure references, though.
>
> But the name is really the last piece. You need a clearly articulated
> purpose and scope before you can come up with a name that fits.
>
> -----Original Message-----
> From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
> Sent: Wednesday, March 15, 2006 3:13 AM
> To: security-dev@xml.apache.org
> Subject: Re: TLP Resolution
>
> Thoughts welcome :>.
>
> Berin Lautenbach wrote:
>
>
>>OK - I'm going to take the idea to the board.
>>
>>Before I do - we need a couple of things.
>>
>>1. A name. I'd personally be against anything fancy or non-obvious.
>>But I don't really want to use "Apache Security" as I think it will
>>get too confusing against the security group within the ASF (the group
>
>
>>that looks after security bug reports etc.) "Apache Infosec"?
>>"Apache Secure"? Obviously there is a reason I never went into
>
> marketing :>.
>
>>2. A scope. Probably not hard. "...open-source software related to
>>security..." is a good place to start I suspect :>.
>>
>>I also wouldn't mind to take some first steps as to what we want to
>
> do.
>
>> Obviously set up xml-security and JuiCE, but I'd personally like to
>>see the ASF become a source of best practice for security software as
>
> well.
>
>> Longer term - but an interesting goal for a tlp within the ASF. And
>>if we are going to use this as an exercise in raising interest in what
>
>
>>we are doing inside/outside the ASF, then we want to think about what
>>kind of message we want to give people when the project goes to top
>
> level.
>
>>I'd also like to use it as a central point people can go to in order
>>to see all security related software in the ASF. Not to have projects
>
>
>>like WS-Security under the security project, but to have links to
>>other projects/efforts in the ASF that are related to security
>
> software.
>
>>Thoughts welcome!
>>
>>Cheers,
>> Berin
>>
>>Ben Laurie wrote:
>>
>>
>>
>>>Davanum Srinivas wrote:
>>>
>>>
>>>
>>>>Dear Ben and Dear Ben,
>>>>
>>>>what do you guys think? A Security Federation/TLP/PMC. Starting with
>>>>Apache XML-Security and Apache Juice.
>>>
>>>
>>>It sounds like a very good idea to me, I'd certainly support it. Of
>>>course, we already have a CA. Written in, errr, perl :-)
>>>
>>>Cheers,
>>>
>>>Ben.
>>>
>>>
>>>
>>>
>>>>thanks,
>>>>-- dims
>>>>
>>>>On 3/11/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
>>>>
>>>>
>>>>
>>>>>I would be interested in widening it as well - with the proviso that
>
>
>>>>>it is like a federation. I.e. we use it to seed projects then build
>
>
>>>>>them and spawn them into TLPs once they grow to size.
>>>>>
>>>>>I might start sounding some people out.
>>>>>
>>>>>Dims - what's your thoughts?
>>>>>
>>>>>On the subject - having spent the most of Saturday searching for a
>>>>>decent Open Source CA, I'd now be interested in building one that
>>>>>doesn't use &^%$##@^%^ perl. I.e. do the core in C++ with perl/PHP
>>>>>being used for the interfacing only.
>>>>>
>>>>>Cheers,
>>>>> Berin
>>>>>
>>>>>Werner Dittmann wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>+1 from me.
>>>>>>
>>>>>>Just a comment regarding the charter: is it really only Apache XML
>>>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
>
>
>>>>>>not dependent on XML, maybe other security related software will be
>
>
>>>>>>pop up later as well.
>>>>>>
>>>>>>I would like to see an "Apache Security" PMC that would address all
>
>
>>>>>>kind of security relevant software and act as a solid base to
>>>>>>deliver security functions to other Apache projects. Also we may
>>>>>>think to browse existing Apache projects to see if there is already
>
>
>>>>>>software (maybe even multiply implemented) and pool them here.
>>>>>>
>>>>>>BTW, I would be happy to be a part of this activity.
>>>>>>
>>>>>>Regards,
>>>>>>Werner
>>>>>>
>>>>>>Berin Lautenbach wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Peoples,
>>>>>>>
>>>>>>>Sometime back we talked about becoming a TLP. With the recent
>>>>>>>JuiCE efforts, + JSR 105 + XKMS we are starting to see a few
>>>>>>>different things occuring. I'd be hugely in favour of starting
>>>>>>>something at a higher level in Apache to get some visibility.
>>>>>>>
>>>>>>>I'm also toying with the idea of creating a broader security
>>>>>>>project/federation to encourage that kind of software within the
>
> ASF.
>
>>>>>>>Thoughts?
>>>>>>>
>>>>>>>Draft proposal for the board below. If we want to do this - all
>>>>>>>active committers will need to vote either on this or on a broader
>
>
>>>>>>>(or even
>>>>>>>narrower!) charter terms of reference that we all can agree to.
>>>>>>>
>>>>>>>Cheers,
>>>>>>> Berin
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> WHEREAS, the Board of Directors deems it to be in the best
>>>>>>> interests of the Foundation and consistent with the
>>>>>>> Foundation's purpose to establish a Project Management
>>>>>>> Committee charged with the creation and maintenance of
>>>>>>> open-source software related to XML security technologies,
>>>>>>> for distribution at no charge to the public.
>>>>>>>
>>>>>>> NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>>> Committee (PMC), to be known as the "Apache XML Security
>
> PMC",
>
>>>>>>> be and hereby is established pursuant to Bylaws of the
>>>>>>> Foundation; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the Apache XML Security PMC be and hereby is
>>>>>>> responsible for the creation and maintenance of software
>>>>>>> related to creation and maintenance of open-source software
>>>>>>> related to XML security technologies based on software
>
> licensed
>
>>>>>>> to the Foundation; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the office of "Vice President, Apache XML
>>>>>>> Security" be and hereby is created, the person holding such
>>>>>>> office to serve at the direction of the Board of Directors as
>>>>>>> the chair of the Apache XML Security PMC, and to have primary
>>>>>>> responsibility for management of the projects within the
>
> scope
>
>>>>>>> of responsibility of the Apache XML Security PMC; and be it
>>>>>>> further
>>>>>>>
>>>>>>> RESOLVED, that the persons listed immediately below be and
>>>>>>> hereby are appointed to serve as the initial members of the
>>>>>>> Apache XML Security PMC:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <!-- List out all committers in format of
>>>>>>> Berin Lautenbach <be...@wingsofhermes.org> -->
>>>>>>>
>>>>>>>
>>>>>>> NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
>>>>>>> <??...@apache.org> appointed to the office of Vice President,
>>>>>>> Apache XML Security, to serve in accordance with and subject
>>>>>>> to the direction of the Board of Directors and the Bylaws of
>
> the
>
>>>>>>> Foundation until death, resignation, retirement, removal or
>>>>>>> disqualification, or until a successor is appointed; and be
>
> it
>
>>>>>>> further
>>>>>>>
>>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
>
> hereby
>
>>>>>>> is tasked with the creation of a set of bylaws intended to
>>>>>>> encourage open development and increased participation in the
>>>>>>> Apache XML Security Project; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
>
> hereby
>
>>>>>>> is tasked with the migration and rationalization of the
>
> Apache
>
>>>>>>> XML PMC XML Security subproject; and be it further
>>>>>>>
>>>>>>> RESOLVED, that all responsibility pertaining to the XML XML
>>>>>>> Security sub-project and encumbered upon the Apache XML PMC
>
> are
>
>>>>>>> hereafter discharged.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>--
>>>>Davanum Srinivas : http://wso2.com/blogs/
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
Re: TLP Resolution
Posted by Raul Benito <ra...@apache.org>.
On 4/23/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Werner just stired the pot on this in another forum, so I thought I'd
> come back to it again.
>
> Name aside (although I kinda like Sanctuary or some variant thereof), I
> could just update the charter at the end of this trail and remove XML
> from the words "XML Security" - so we end up with just stuff about
> security technologies. That's a simple way forward - we create software
> relating to security.
>
Cool name Sanctuary, really good +1.
> I note also Raul's thought on lack of resources. My take on that is
> that by promoting to TLP we are not immediately doing more - but we are
> providing more visibility of what we are doing. That's probably the
> best way to start getting a broader audience interested in what we are
> doing.
>
Fine for me, only we need to take this into account.
Regards,
> Thoughts welcome.
>
> Cheers,
> Berin
>
> Jesse Pelton wrote:
>
> > Some random ideas to get the name game going, based on your indicated
> > vision for the project: "SecureSoft," "Security Software," "Vault,"
> > "Shield," "Armor," "Guard," "Sanctuary," ,"Citadel," "Surety," "Security
> > Blanket" (or "Linus," with a nod to Charles Schulz' "Peanuts," but you'd
> > want to get permission). With the possible exception of the last, none
> > of these indulge the Apache penchant for obscure references, though.
> >
> > But the name is really the last piece. You need a clearly articulated
> > purpose and scope before you can come up with a name that fits.
> >
> > -----Original Message-----
> > From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
> > Sent: Wednesday, March 15, 2006 3:13 AM
> > To: security-dev@xml.apache.org
> > Subject: Re: TLP Resolution
> >
> > Thoughts welcome :>.
> >
> > Berin Lautenbach wrote:
> >
> >
> >>OK - I'm going to take the idea to the board.
> >>
> >>Before I do - we need a couple of things.
> >>
> >>1. A name. I'd personally be against anything fancy or non-obvious.
> >>But I don't really want to use "Apache Security" as I think it will
> >>get too confusing against the security group within the ASF (the group
> >
> >
> >>that looks after security bug reports etc.) "Apache Infosec"?
> >>"Apache Secure"? Obviously there is a reason I never went into
> >
> > marketing :>.
> >
> >>2. A scope. Probably not hard. "...open-source software related to
> >>security..." is a good place to start I suspect :>.
> >>
> >>I also wouldn't mind to take some first steps as to what we want to
> >
> > do.
> >
> >> Obviously set up xml-security and JuiCE, but I'd personally like to
> >>see the ASF become a source of best practice for security software as
> >
> > well.
> >
> >> Longer term - but an interesting goal for a tlp within the ASF. And
> >>if we are going to use this as an exercise in raising interest in what
> >
> >
> >>we are doing inside/outside the ASF, then we want to think about what
> >>kind of message we want to give people when the project goes to top
> >
> > level.
> >
> >>I'd also like to use it as a central point people can go to in order
> >>to see all security related software in the ASF. Not to have projects
> >
> >
> >>like WS-Security under the security project, but to have links to
> >>other projects/efforts in the ASF that are related to security
> >
> > software.
> >
> >>Thoughts welcome!
> >>
> >>Cheers,
> >> Berin
> >>
> >>Ben Laurie wrote:
> >>
> >>
> >>
> >>>Davanum Srinivas wrote:
> >>>
> >>>
> >>>
> >>>>Dear Ben and Dear Ben,
> >>>>
> >>>>what do you guys think? A Security Federation/TLP/PMC. Starting with
> >>>>Apache XML-Security and Apache Juice.
> >>>
> >>>
> >>>It sounds like a very good idea to me, I'd certainly support it. Of
> >>>course, we already have a CA. Written in, errr, perl :-)
> >>>
> >>>Cheers,
> >>>
> >>>Ben.
> >>>
> >>>
> >>>
> >>>
> >>>>thanks,
> >>>>-- dims
> >>>>
> >>>>On 3/11/06, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> >>>>
> >>>>
> >>>>
> >>>>>I would be interested in widening it as well - with the proviso that
> >
> >
> >>>>>it is like a federation. I.e. we use it to seed projects then build
> >
> >
> >>>>>them and spawn them into TLPs once they grow to size.
> >>>>>
> >>>>>I might start sounding some people out.
> >>>>>
> >>>>>Dims - what's your thoughts?
> >>>>>
> >>>>>On the subject - having spent the most of Saturday searching for a
> >>>>>decent Open Source CA, I'd now be interested in building one that
> >>>>>doesn't use &^%$##@^%^ perl. I.e. do the core in C++ with perl/PHP
> >>>>>being used for the interfacing only.
> >>>>>
> >>>>>Cheers,
> >>>>> Berin
> >>>>>
> >>>>>Werner Dittmann wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>+1 from me.
> >>>>>>
> >>>>>>Just a comment regarding the charter: is it really only Apache XML
> >>>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
> >
> >
> >>>>>>not dependent on XML, maybe other security related software will be
> >
> >
> >>>>>>pop up later as well.
> >>>>>>
> >>>>>>I would like to see an "Apache Security" PMC that would address all
> >
> >
> >>>>>>kind of security relevant software and act as a solid base to
> >>>>>>deliver security functions to other Apache projects. Also we may
> >>>>>>think to browse existing Apache projects to see if there is already
> >
> >
> >>>>>>software (maybe even multiply implemented) and pool them here.
> >>>>>>
> >>>>>>BTW, I would be happy to be a part of this activity.
> >>>>>>
> >>>>>>Regards,
> >>>>>>Werner
> >>>>>>
> >>>>>>Berin Lautenbach wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>Peoples,
> >>>>>>>
> >>>>>>>Sometime back we talked about becoming a TLP. With the recent
> >>>>>>>JuiCE efforts, + JSR 105 + XKMS we are starting to see a few
> >>>>>>>different things occuring. I'd be hugely in favour of starting
> >>>>>>>something at a higher level in Apache to get some visibility.
> >>>>>>>
> >>>>>>>I'm also toying with the idea of creating a broader security
> >>>>>>>project/federation to encourage that kind of software within the
> >
> > ASF.
> >
> >>>>>>>Thoughts?
> >>>>>>>
> >>>>>>>Draft proposal for the board below. If we want to do this - all
> >>>>>>>active committers will need to vote either on this or on a broader
> >
> >
> >>>>>>>(or even
> >>>>>>>narrower!) charter terms of reference that we all can agree to.
> >>>>>>>
> >>>>>>>Cheers,
> >>>>>>> Berin
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> WHEREAS, the Board of Directors deems it to be in the best
> >>>>>>> interests of the Foundation and consistent with the
> >>>>>>> Foundation's purpose to establish a Project Management
> >>>>>>> Committee charged with the creation and maintenance of
> >>>>>>> open-source software related to XML security technologies,
> >>>>>>> for distribution at no charge to the public.
> >>>>>>>
> >>>>>>> NOW, THEREFORE, BE IT RESOLVED, that a Project Management
> >>>>>>> Committee (PMC), to be known as the "Apache XML Security
> >
> > PMC",
> >
> >>>>>>> be and hereby is established pursuant to Bylaws of the
> >>>>>>> Foundation; and be it further
> >>>>>>>
> >>>>>>> RESOLVED, that the Apache XML Security PMC be and hereby is
> >>>>>>> responsible for the creation and maintenance of software
> >>>>>>> related to creation and maintenance of open-source software
> >>>>>>> related to XML security technologies based on software
> >
> > licensed
> >
> >>>>>>> to the Foundation; and be it further
> >>>>>>>
> >>>>>>> RESOLVED, that the office of "Vice President, Apache XML
> >>>>>>> Security" be and hereby is created, the person holding such
> >>>>>>> office to serve at the direction of the Board of Directors as
> >>>>>>> the chair of the Apache XML Security PMC, and to have primary
> >>>>>>> responsibility for management of the projects within the
> >
> > scope
> >
> >>>>>>> of responsibility of the Apache XML Security PMC; and be it
> >>>>>>> further
> >>>>>>>
> >>>>>>> RESOLVED, that the persons listed immediately below be and
> >>>>>>> hereby are appointed to serve as the initial members of the
> >>>>>>> Apache XML Security PMC:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> <!-- List out all committers in format of
> >>>>>>> Berin Lautenbach <be...@wingsofhermes.org> -->
> >>>>>>>
> >>>>>>>
> >>>>>>> NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
> >>>>>>> <??...@apache.org> appointed to the office of Vice President,
> >>>>>>> Apache XML Security, to serve in accordance with and subject
> >>>>>>> to the direction of the Board of Directors and the Bylaws of
> >
> > the
> >
> >>>>>>> Foundation until death, resignation, retirement, removal or
> >>>>>>> disqualification, or until a successor is appointed; and be
> >
> > it
> >
> >>>>>>> further
> >>>>>>>
> >>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
> >
> > hereby
> >
> >>>>>>> is tasked with the creation of a set of bylaws intended to
> >>>>>>> encourage open development and increased participation in the
> >>>>>>> Apache XML Security Project; and be it further
> >>>>>>>
> >>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
> >
> > hereby
> >
> >>>>>>> is tasked with the migration and rationalization of the
> >
> > Apache
> >
> >>>>>>> XML PMC XML Security subproject; and be it further
> >>>>>>>
> >>>>>>> RESOLVED, that all responsibility pertaining to the XML XML
> >>>>>>> Security sub-project and encumbered upon the Apache XML PMC
> >
> > are
> >
> >>>>>>> hereafter discharged.
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>--
> >>>>Davanum Srinivas : http://wso2.com/blogs/
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >
> >
>
--
http://r-bg.com