santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: TLP Resolution
Date Mon, 13 Mar 2006 10:36:05 GMT
OK - I'm going to take the idea to the board.

Before I do - we need a couple of things.

1.  A name.  I'd personally be against anything fancy or non-obvious.
But I don't really want to use "Apache Security" as I think it will get
too confusing against the security group within the ASF (the group that
looks after security bug reports etc.)  "Apache Infosec"?  "Apache
Secure"?  Obviously there is a reason I never went into marketing :>.

2.  A scope.  Probably not hard.  "...open-source software related to
security..." is a good place to start I suspect :>.

I also wouldn't mind to take some first steps as to what we want to do.
 Obviously set up xml-security and JuiCE, but I'd personally like to see
the ASF become a source of best practice for security software as well.
 Longer term - but an interesting goal for a tlp within the ASF.  And if
we are going to use this as an exercise in raising interest in what we
are doing inside/outside the ASF, then we want to think about what kind
of message we want to give people when the project goes to top level.

I'd also like to use it as a central point people can go to in order to
see all security related software in the ASF.  Not to have projects like
WS-Security under the security project, but to have links to other
projects/efforts in the ASF that are related to security software.

Thoughts welcome!

Cheers,
	Berin

Ben Laurie wrote:

> Davanum Srinivas wrote:
> 
>>Dear Ben and Dear Ben,
>>
>>what do you guys think? A Security Federation/TLP/PMC. Starting with
>>Apache XML-Security and Apache Juice.
> 
> 
> It sounds like a very good idea to me, I'd certainly support it. Of
> course, we already have a CA. Written in, errr, perl :-)
> 
> Cheers,
> 
> Ben.
> 
> 
>>thanks,
>>-- dims
>>
>>On 3/11/06, Berin Lautenbach <berin@wingsofhermes.org> wrote:
>>
>>>I would be interested in widening it as well - with the proviso that it
>>>is like a federation.  I.e. we use it to seed projects then build them
>>>and spawn them into TLPs once they grow to size.
>>>
>>>I might start sounding some people out.
>>>
>>>Dims - what's your thoughts?
>>>
>>>On the subject - having spent the most of Saturday searching for a
>>>decent Open Source CA, I'd now be interested in building one that
>>>doesn't use &^%$##@^%^ perl.  I.e. do the core in C++ with perl/PHP
>>>being used for the interfacing only.
>>>
>>>Cheers,
>>>        Berin
>>>
>>>Werner Dittmann wrote:
>>>
>>>
>>>>+1 from me.
>>>>
>>>>Just a comment regarding the charter: is it really only Apache XML
>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
>>>>not dependent on XML, maybe other security related software will be
>>>>pop up later as well.
>>>>
>>>>I would like to see an "Apache Security" PMC that would address all
>>>>kind of security relevant software and act as a solid base to deliver
>>>>security functions to other Apache projects. Also we may think to
>>>>browse existing Apache projects to see if there is already software
>>>>(maybe even multiply implemented) and pool them here.
>>>>
>>>>BTW, I would be happy to be a part of this activity.
>>>>
>>>>Regards,
>>>>Werner
>>>>
>>>>Berin Lautenbach wrote:
>>>>
>>>>
>>>>>Peoples,
>>>>>
>>>>>Sometime back we talked about becoming a TLP.  With the recent JuiCE
>>>>>efforts, + JSR 105 + XKMS we are starting to see a few different things
>>>>>occuring.  I'd be hugely in favour of starting something at a higher
>>>>>level in Apache to get some visibility.
>>>>>
>>>>>I'm also toying with the idea of creating a broader security
>>>>>project/federation to encourage that kind of software within the ASF.
>>>>>
>>>>>Thoughts?
>>>>>
>>>>>Draft proposal for the board below.  If we want to do this - all active
>>>>>committers will need to vote either on this or on a broader (or even
>>>>>narrower!) charter terms of reference that we all can agree to.
>>>>>
>>>>>Cheers,
>>>>>     Berin
>>>>>
>>>>>
>>>>>
>>>>>      WHEREAS, the Board of Directors deems it to be in the best
>>>>>      interests of the Foundation and consistent with the
>>>>>      Foundation's purpose to establish a Project Management
>>>>>      Committee charged with the creation and maintenance of
>>>>>      open-source software related to XML security technologies,
>>>>>      for distribution at no charge to the public.
>>>>>
>>>>>      NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>      Committee (PMC), to be known as the "Apache XML Security PMC",
>>>>>      be and hereby is established pursuant to Bylaws of the
>>>>>      Foundation; and be it further
>>>>>
>>>>>      RESOLVED, that the Apache XML Security PMC be and hereby is
>>>>>      responsible for the creation and maintenance of software
>>>>>      related to creation and maintenance of open-source software
>>>>>      related to XML security technologies based on software licensed
>>>>>      to the Foundation; and be it further
>>>>>
>>>>>      RESOLVED, that the office of "Vice President, Apache XML
>>>>>      Security" be and hereby is created, the person holding such
>>>>>      office to serve at the direction of the Board of Directors as
>>>>>      the chair of the Apache XML Security PMC, and to have primary
>>>>>      responsibility for management of the projects within the scope
>>>>>      of responsibility of the Apache XML Security PMC; and be it
>>>>>      further
>>>>>
>>>>>      RESOLVED, that the persons listed immediately below be and
>>>>>      hereby are appointed to serve as the initial members of the
>>>>>      Apache XML Security PMC:
>>>>>
>>>>>
>>>>>
>>>>>   <!-- List out all committers in format of
>>>>>     Berin Lautenbach <berin@wingsofhermes.org>
>>>>>   -->
>>>>>
>>>>>
>>>>>      NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
>>>>>      <??@apache.org> appointed to the office of Vice President,
>>>>>      Apache XML Security, to serve in accordance with and subject
>>>>>      to the direction of the Board of Directors and the Bylaws of the
>>>>>      Foundation until death, resignation, retirement, removal or
>>>>>      disqualification, or until a successor is appointed; and be it
>>>>>      further
>>>>>
>>>>>      RESOLVED, that the initial Apache XML Security PMC be and hereby
>>>>>      is tasked with the creation of a set of bylaws intended to
>>>>>      encourage open development and increased participation in the
>>>>>      Apache XML Security Project; and be it further
>>>>>
>>>>>      RESOLVED, that the initial Apache XML Security PMC be and hereby
>>>>>      is tasked with the migration and rationalization of the Apache
>>>>>      XML PMC XML Security subproject; and be it further
>>>>>
>>>>>      RESOLVED, that all responsibility pertaining to the XML XML
>>>>>      Security sub-project and encumbered upon the Apache XML PMC are
>>>>>      hereafter discharged.
>>>>>
>>>>
>>>>
>>>>
>>
>>--
>>Davanum Srinivas : http://wso2.com/blogs/
>>
>>
> 
> 
> 

Mime
View raw message