santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Lautenbach <be...@wingsofhermes.org>
Subject Re: TLP Resolution
Date Sun, 23 Apr 2006 11:35:18 GMT
Werner just stired the pot on this in another forum, so I thought I'd
come back to it again.

Name aside (although I kinda like Sanctuary or some variant thereof), I
could just update the charter at the end of this trail and remove XML
from the words "XML Security" - so we end up with just stuff about
security technologies.  That's a simple way forward - we create software
relating to security.

I note also Raul's thought on lack of resources.  My take on that is
that by promoting to TLP we are not immediately doing more - but we are
providing more visibility of what we are doing.  That's probably the
best way to start getting a broader audience interested in what we are
doing.

Thoughts welcome.

Cheers,
	Berin

Jesse Pelton wrote:

> Some random ideas to get the name game going, based on your indicated
> vision for the project: "SecureSoft," "Security Software," "Vault,"
> "Shield," "Armor," "Guard," "Sanctuary," ,"Citadel," "Surety," "Security
> Blanket" (or "Linus," with a nod to Charles Schulz' "Peanuts," but you'd
> want to get permission).  With the possible exception of the last, none
> of these indulge the Apache penchant for obscure references, though.
> 
> But the name is really the last piece.  You need a clearly articulated
> purpose and scope before you can come up with a name that fits.
> 
> -----Original Message-----
> From: Berin Lautenbach [mailto:berin@wingsofhermes.org] 
> Sent: Wednesday, March 15, 2006 3:13 AM
> To: security-dev@xml.apache.org
> Subject: Re: TLP Resolution
> 
> Thoughts welcome :>.
> 
> Berin Lautenbach wrote:
> 
> 
>>OK - I'm going to take the idea to the board.
>>
>>Before I do - we need a couple of things.
>>
>>1.  A name.  I'd personally be against anything fancy or non-obvious.
>>But I don't really want to use "Apache Security" as I think it will 
>>get too confusing against the security group within the ASF (the group
> 
> 
>>that looks after security bug reports etc.)  "Apache Infosec"?  
>>"Apache Secure"?  Obviously there is a reason I never went into
> 
> marketing :>.
> 
>>2.  A scope.  Probably not hard.  "...open-source software related to 
>>security..." is a good place to start I suspect :>.
>>
>>I also wouldn't mind to take some first steps as to what we want to
> 
> do.
> 
>> Obviously set up xml-security and JuiCE, but I'd personally like to 
>>see the ASF become a source of best practice for security software as
> 
> well.
> 
>> Longer term - but an interesting goal for a tlp within the ASF.  And 
>>if we are going to use this as an exercise in raising interest in what
> 
> 
>>we are doing inside/outside the ASF, then we want to think about what 
>>kind of message we want to give people when the project goes to top
> 
> level.
> 
>>I'd also like to use it as a central point people can go to in order 
>>to see all security related software in the ASF.  Not to have projects
> 
> 
>>like WS-Security under the security project, but to have links to 
>>other projects/efforts in the ASF that are related to security
> 
> software.
> 
>>Thoughts welcome!
>>
>>Cheers,
>>	Berin
>>
>>Ben Laurie wrote:
>>
>>
>>
>>>Davanum Srinivas wrote:
>>>
>>>
>>>
>>>>Dear Ben and Dear Ben,
>>>>
>>>>what do you guys think? A Security Federation/TLP/PMC. Starting with 
>>>>Apache XML-Security and Apache Juice.
>>>
>>>
>>>It sounds like a very good idea to me, I'd certainly support it. Of 
>>>course, we already have a CA. Written in, errr, perl :-)
>>>
>>>Cheers,
>>>
>>>Ben.
>>>
>>>
>>>
>>>
>>>>thanks,
>>>>-- dims
>>>>
>>>>On 3/11/06, Berin Lautenbach <berin@wingsofhermes.org> wrote:
>>>>
>>>>
>>>>
>>>>>I would be interested in widening it as well - with the proviso that
> 
> 
>>>>>it is like a federation.  I.e. we use it to seed projects then build
> 
> 
>>>>>them and spawn them into TLPs once they grow to size.
>>>>>
>>>>>I might start sounding some people out.
>>>>>
>>>>>Dims - what's your thoughts?
>>>>>
>>>>>On the subject - having spent the most of Saturday searching for a 
>>>>>decent Open Source CA, I'd now be interested in building one that 
>>>>>doesn't use &^%$##@^%^ perl.  I.e. do the core in C++ with perl/PHP

>>>>>being used for the interfacing only.
>>>>>
>>>>>Cheers,
>>>>>      Berin
>>>>>
>>>>>Werner Dittmann wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>+1 from me.
>>>>>>
>>>>>>Just a comment regarding the charter: is it really only Apache XML

>>>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
> 
> 
>>>>>>not dependent on XML, maybe other security related software will be
> 
> 
>>>>>>pop up later as well.
>>>>>>
>>>>>>I would like to see an "Apache Security" PMC that would address all
> 
> 
>>>>>>kind of security relevant software and act as a solid base to 
>>>>>>deliver security functions to other Apache projects. Also we may 
>>>>>>think to browse existing Apache projects to see if there is already
> 
> 
>>>>>>software (maybe even multiply implemented) and pool them here.
>>>>>>
>>>>>>BTW, I would be happy to be a part of this activity.
>>>>>>
>>>>>>Regards,
>>>>>>Werner
>>>>>>
>>>>>>Berin Lautenbach wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Peoples,
>>>>>>>
>>>>>>>Sometime back we talked about becoming a TLP.  With the recent

>>>>>>>JuiCE efforts, + JSR 105 + XKMS we are starting to see a few 
>>>>>>>different things occuring.  I'd be hugely in favour of starting

>>>>>>>something at a higher level in Apache to get some visibility.
>>>>>>>
>>>>>>>I'm also toying with the idea of creating a broader security 
>>>>>>>project/federation to encourage that kind of software within the
> 
> ASF.
> 
>>>>>>>Thoughts?
>>>>>>>
>>>>>>>Draft proposal for the board below.  If we want to do this - all

>>>>>>>active committers will need to vote either on this or on a broader
> 
> 
>>>>>>>(or even
>>>>>>>narrower!) charter terms of reference that we all can agree to.
>>>>>>>
>>>>>>>Cheers,
>>>>>>>   Berin
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>    WHEREAS, the Board of Directors deems it to be in the best
>>>>>>>    interests of the Foundation and consistent with the
>>>>>>>    Foundation's purpose to establish a Project Management
>>>>>>>    Committee charged with the creation and maintenance of
>>>>>>>    open-source software related to XML security technologies,
>>>>>>>    for distribution at no charge to the public.
>>>>>>>
>>>>>>>    NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>>>    Committee (PMC), to be known as the "Apache XML Security
> 
> PMC",
> 
>>>>>>>    be and hereby is established pursuant to Bylaws of the
>>>>>>>    Foundation; and be it further
>>>>>>>
>>>>>>>    RESOLVED, that the Apache XML Security PMC be and hereby is
>>>>>>>    responsible for the creation and maintenance of software
>>>>>>>    related to creation and maintenance of open-source software
>>>>>>>    related to XML security technologies based on software
> 
> licensed
> 
>>>>>>>    to the Foundation; and be it further
>>>>>>>
>>>>>>>    RESOLVED, that the office of "Vice President, Apache XML
>>>>>>>    Security" be and hereby is created, the person holding such
>>>>>>>    office to serve at the direction of the Board of Directors
as
>>>>>>>    the chair of the Apache XML Security PMC, and to have primary
>>>>>>>    responsibility for management of the projects within the
> 
> scope
> 
>>>>>>>    of responsibility of the Apache XML Security PMC; and be it
>>>>>>>    further
>>>>>>>
>>>>>>>    RESOLVED, that the persons listed immediately below be and
>>>>>>>    hereby are appointed to serve as the initial members of the
>>>>>>>    Apache XML Security PMC:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <!-- List out all committers in format of
>>>>>>>   Berin Lautenbach <berin@wingsofhermes.org>  -->
>>>>>>>
>>>>>>>
>>>>>>>    NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
>>>>>>>    <??@apache.org> appointed to the office of Vice President,
>>>>>>>    Apache XML Security, to serve in accordance with and subject
>>>>>>>    to the direction of the Board of Directors and the Bylaws
of
> 
> the
> 
>>>>>>>    Foundation until death, resignation, retirement, removal or
>>>>>>>    disqualification, or until a successor is appointed; and be
> 
> it
> 
>>>>>>>    further
>>>>>>>
>>>>>>>    RESOLVED, that the initial Apache XML Security PMC be and
> 
> hereby
> 
>>>>>>>    is tasked with the creation of a set of bylaws intended to
>>>>>>>    encourage open development and increased participation in
the
>>>>>>>    Apache XML Security Project; and be it further
>>>>>>>
>>>>>>>    RESOLVED, that the initial Apache XML Security PMC be and
> 
> hereby
> 
>>>>>>>    is tasked with the migration and rationalization of the
> 
> Apache
> 
>>>>>>>    XML PMC XML Security subproject; and be it further
>>>>>>>
>>>>>>>    RESOLVED, that all responsibility pertaining to the XML XML
>>>>>>>    Security sub-project and encumbered upon the Apache XML PMC
> 
> are
> 
>>>>>>>    hereafter discharged.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>--
>>>>Davanum Srinivas : http://wso2.com/blogs/
>>>>
>>>>
>>>
>>>
>>>
>>
> 
> 

Mime
View raw message