Thoughts welcome :>. Berin Lautenbach wrote:
> OK - I'm going to take the idea to the board. > > Before I do - we need a couple of things. > > 1. A name. I'd personally be against anything fancy or non-obvious. > But I don't really want to use "Apache Security" as I think it will get > too confusing against the security group within the ASF (the group that > looks after security bug reports etc.) "Apache Infosec"? "Apache > Secure"? Obviously there is a reason I never went into marketing :>. > > 2. A scope. Probably not hard. "...open-source software related to > security..." is a good place to start I suspect :>. > > I also wouldn't mind to take some first steps as to what we want to do. > Obviously set up xml-security and JuiCE, but I'd personally like to see > the ASF become a source of best practice for security software as well. > Longer term - but an interesting goal for a tlp within the ASF. And if > we are going to use this as an exercise in raising interest in what we > are doing inside/outside the ASF, then we want to think about what kind > of message we want to give people when the project goes to top level. > > I'd also like to use it as a central point people can go to in order to > see all security related software in the ASF. Not to have projects like > WS-Security under the security project, but to have links to other > projects/efforts in the ASF that are related to security software. > > Thoughts welcome! > > Cheers, > Berin > > Ben Laurie wrote: > > >>Davanum Srinivas wrote: >> >> >>>Dear Ben and Dear Ben, >>> >>>what do you guys think? A Security Federation/TLP/PMC. Starting with >>>Apache XML-Security and Apache Juice. >> >> >>It sounds like a very good idea to me, I'd certainly support it. Of >>course, we already have a CA. Written in, errr, perl :-) >> >>Cheers, >> >>Ben. >> >> >> >>>thanks, >>>-- dims >>> >>>On 3/11/06, Berin Lautenbach <[EMAIL PROTECTED]> wrote: >>> >>> >>>>I would be interested in widening it as well - with the proviso that it >>>>is like a federation. I.e. we use it to seed projects then build them >>>>and spawn them into TLPs once they grow to size. >>>> >>>>I might start sounding some people out. >>>> >>>>Dims - what's your thoughts? >>>> >>>>On the subject - having spent the most of Saturday searching for a >>>>decent Open Source CA, I'd now be interested in building one that >>>>doesn't use &[EMAIL PROTECTED] perl. I.e. do the core in C++ with perl/PHP >>>>being used for the interfacing only. >>>> >>>>Cheers, >>>> Berin >>>> >>>>Werner Dittmann wrote: >>>> >>>> >>>> >>>>>+1 from me. >>>>> >>>>>Just a comment regarding the charter: is it really only Apache XML >>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is >>>>>not dependent on XML, maybe other security related software will be >>>>>pop up later as well. >>>>> >>>>>I would like to see an "Apache Security" PMC that would address all >>>>>kind of security relevant software and act as a solid base to deliver >>>>>security functions to other Apache projects. Also we may think to >>>>>browse existing Apache projects to see if there is already software >>>>>(maybe even multiply implemented) and pool them here. >>>>> >>>>>BTW, I would be happy to be a part of this activity. >>>>> >>>>>Regards, >>>>>Werner >>>>> >>>>>Berin Lautenbach wrote: >>>>> >>>>> >>>>> >>>>>>Peoples, >>>>>> >>>>>>Sometime back we talked about becoming a TLP. With the recent JuiCE >>>>>>efforts, + JSR 105 + XKMS we are starting to see a few different things >>>>>>occuring. I'd be hugely in favour of starting something at a higher >>>>>>level in Apache to get some visibility. >>>>>> >>>>>>I'm also toying with the idea of creating a broader security >>>>>>project/federation to encourage that kind of software within the ASF. >>>>>> >>>>>>Thoughts? >>>>>> >>>>>>Draft proposal for the board below. If we want to do this - all active >>>>>>committers will need to vote either on this or on a broader (or even >>>>>>narrower!) charter terms of reference that we all can agree to. >>>>>> >>>>>>Cheers, >>>>>> Berin >>>>>> >>>>>> >>>>>> >>>>>> WHEREAS, the Board of Directors deems it to be in the best >>>>>> interests of the Foundation and consistent with the >>>>>> Foundation's purpose to establish a Project Management >>>>>> Committee charged with the creation and maintenance of >>>>>> open-source software related to XML security technologies, >>>>>> for distribution at no charge to the public. >>>>>> >>>>>> NOW, THEREFORE, BE IT RESOLVED, that a Project Management >>>>>> Committee (PMC), to be known as the "Apache XML Security PMC", >>>>>> be and hereby is established pursuant to Bylaws of the >>>>>> Foundation; and be it further >>>>>> >>>>>> RESOLVED, that the Apache XML Security PMC be and hereby is >>>>>> responsible for the creation and maintenance of software >>>>>> related to creation and maintenance of open-source software >>>>>> related to XML security technologies based on software licensed >>>>>> to the Foundation; and be it further >>>>>> >>>>>> RESOLVED, that the office of "Vice President, Apache XML >>>>>> Security" be and hereby is created, the person holding such >>>>>> office to serve at the direction of the Board of Directors as >>>>>> the chair of the Apache XML Security PMC, and to have primary >>>>>> responsibility for management of the projects within the scope >>>>>> of responsibility of the Apache XML Security PMC; and be it >>>>>> further >>>>>> >>>>>> RESOLVED, that the persons listed immediately below be and >>>>>> hereby are appointed to serve as the initial members of the >>>>>> Apache XML Security PMC: >>>>>> >>>>>> >>>>>> >>>>>> <!-- List out all committers in format of >>>>>> Berin Lautenbach <[EMAIL PROTECTED]> >>>>>> --> >>>>>> >>>>>> >>>>>> NOW, THEREFORE, BE IT FURTHER RESOLVED, than ?? >>>>>> <[EMAIL PROTECTED]> appointed to the office of Vice President, >>>>>> Apache XML Security, to serve in accordance with and subject >>>>>> to the direction of the Board of Directors and the Bylaws of the >>>>>> Foundation until death, resignation, retirement, removal or >>>>>> disqualification, or until a successor is appointed; and be it >>>>>> further >>>>>> >>>>>> RESOLVED, that the initial Apache XML Security PMC be and hereby >>>>>> is tasked with the creation of a set of bylaws intended to >>>>>> encourage open development and increased participation in the >>>>>> Apache XML Security Project; and be it further >>>>>> >>>>>> RESOLVED, that the initial Apache XML Security PMC be and hereby >>>>>> is tasked with the migration and rationalization of the Apache >>>>>> XML PMC XML Security subproject; and be it further >>>>>> >>>>>> RESOLVED, that all responsibility pertaining to the XML XML >>>>>> Security sub-project and encumbered upon the Apache XML PMC are >>>>>> hereafter discharged. >>>>>> >>>>> >>>>> >>>>> >>>-- >>>Davanum Srinivas : http://wso2.com/blogs/ >>> >>> >> >> >> > >
