santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Dittmann <>
Subject Re: [Fwd: [VOTE] Put Apache Juice into dormant status]
Date Mon, 16 Jul 2007 15:14:50 GMT
Berin, all,

just a few days ago I got an e-mail from OSSI (this organization
prepared and drove the FIPS certification for openSSL) asking
us if somebody would can improve JuiCE to have it FIPS certified
as well. As far as I understood JuICE is often used by US
administration because it is a Java JCE compliant interface
to openSSL. Pls have a look to the latest e-mail conversation.

If anbbody with some know-how would like to volounteer pls get
in contace with Steve ( and myself.

This I would ask to keep JuICE until this issue is sorted out.




unfortunatly I'm not able to do this completely on my own. JuiCE and other
Open source acivities are just a hobby of mine and I do it in parallel to
my normal job. I would appreciate if somebody else can take over the main

Of course I would be happy to support the person who takes the burden
to enable JuiCE to be FIPS compliant. Coordination could be done via
e-mail or VoIP calls, depending on the time zone of the participating
persons  :-)  .

And yes: <> is the latest
version of the source.


Steve Marquess wrote:
> > Steve Marquess wrote:
>> >> Werner:
>> >>
>> >> One of the activities that occupies much of our time here at OSSI is
>> >> matching up the needs of commercial and government entities with the
>> >> appropriate resources in the open source community.  Usually the sponsor
>> >>  requirements are pretty clear cut ("obtain FIPS 140-2 validation for
>> >> X", "add support for platform Y to product Z", etc.).
>> >>
>> >> This situation is a little different in that the prospective sponsor, a
>> >> large U.S. government research laboratory, appears to just want JuiCE to
>> >> be a viable actively maintained product.  Apparently they want to use it
>> >> extensively but are concerned about the lack of activity and unpolished
>> >> state.
>> >>
>> >> Here specifically is what my contact there asked for:  "Besides work on
>> >> supporting FIPS mode, I'd like to see money put towards more
>> >> documentation, tutorials, and a more collaborative project home page to
>> >> attract wider adoption."
>> >>
>> >> The only actual functional enhancement they're asking for, FIPS mode
>> >> support, is relatively simple, as most a few day's work.  This contact
>> >> went on to ask me to write a Statement of Work ("SOW", a description of
>> >> tasks to be performed for specified payment) which would be the basis
>> >> for a contract.
>> >>
>> >> If you're interested, here's how we can work it.  If you can give me
>> >> some details along the following lines...
>> >>
>> >>     1) Cost to implement FIPS mode support (see
>> >> for details, it can
>> >> be as simple as adding a FIPS_mode_set() call.
>> >>     2) Some elaboration on the "documentation, tutorials" objective, and
>> >> what you and/or your collaborators would expect to be paid for same;
>> >>     3) Brief description of what the "project home page" would look
>> >> like; ok to just reference an existing project as a model, and cost to
>> >> implement;
>> >>     4) Any other enhancements that have been contemplated that would be
>> >> of interest to the general end user community, and cost for same
>> >>
>> >> ...then I will prepare a formal proposal for our prospective sponsor and
>> >> see what funding they will commit to.
>> >>
>> >> Note we can host the project web site on OSSI hardware, if appropriate,
>> >> but are not in a position to generate or maintain much content.
>> >>
>> >> For funding think in terms of thousands of dollars (or euros), not
>> >> hundreds.  I believe that if they feel they are receiving value that
>> >> they would be willing to fund this effort on a long term basis to the
>> >> tune of thousands or even tens of thousands per year.  We won't know for
>> >> sure until they are presented with a formal contract, of course, and
>> >> there will undoubtedly be some back-and-forth negotiation.
>> >>
>> >> As many project contributors or collaborators can contribute as
>> >> appropriate.  We prefer to work with a projects original contributors
>> >> and their circle of collaborators where possible.  We'll want a single
>> >> point of contact with OSSI, but end results that please the sponsor are
>> >> all that really matters.
>> >>
>> >> Speaking of which, I don't want to step on any toes at Apache.  If we do
>> >> succeed in securing financial support for JuiCE we would not want to
>> >> disturb the relationship with the Apache Incubator.  Is there anyone at
>> >> Apache I should sound out for permission/participation?  OSSI has not
>> >> had the opportunity to work with the ASF yet, but we expect to in the
>> >> near future for other initiatives so I don't want to offend anyone there.
>> >>
>> >> Oh, I take it that is the
>> >> latest and greatest source, and that there is no JuiCE project page per
>> >>
> >
> > Werner, all:
> >
> > We're being nagged again by the sponsor.  They seem to be really
> > interested in reviving the JuiCE project.  Any interest in working with
> > us to develop a proposal to secure the funding they have indicated would
> > be forthcoming?
> >
> > If none of the original maintainers are able to participate we can
> > engage Java developers elsewhere, but we'd prefer to work with the
> > original team if at all possible.
> >
> > Thanks,
> >
> > -Steve M.


Berin Lautenbach wrote:
> If we want to keep this going - we need to call it out now.
> Cheers,
>     Berin
> -------- Original Message --------
> Subject: [VOTE] Put Apache Juice into dormant status
> Date: Mon, 16 Jul 2007 00:12:13 -0400
> From: Noel J. Bergman <>
> Reply-To:,    <>
> To: <>
> Nothing appears to be happening, and there is no one around to provide
> status or anything else.
>     --- Noel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message