Werner just stired the pot on this in another forum, so I thought I'd
come back to it again.
Name aside (although I kinda like Sanctuary or some variant thereof), I
could just update the charter at the end of this trail and remove XML
from the words "XML Security" - so we end up with just stuff about
security technologies. That's a simple way forward - we create software
relating to security.
I note also Raul's thought on lack of resources. My take on that is
that by promoting to TLP we are not immediately doing more - but we are
providing more visibility of what we are doing. That's probably the
best way to start getting a broader audience interested in what we are
doing.
Thoughts welcome.
Cheers,
Berin
Jesse Pelton wrote:
> Some random ideas to get the name game going, based on your indicated
> vision for the project: "SecureSoft," "Security Software," "Vault,"
> "Shield," "Armor," "Guard," "Sanctuary," ,"Citadel," "Surety," "Security
> Blanket" (or "Linus," with a nod to Charles Schulz' "Peanuts," but you'd
> want to get permission). With the possible exception of the last, none
> of these indulge the Apache penchant for obscure references, though.
>
> But the name is really the last piece. You need a clearly articulated
> purpose and scope before you can come up with a name that fits.
>
> -----Original Message-----
> From: Berin Lautenbach [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 15, 2006 3:13 AM
> To: security-dev@xml.apache.org
> Subject: Re: TLP Resolution
>
> Thoughts welcome :>.
>
> Berin Lautenbach wrote:
>
>
>>OK - I'm going to take the idea to the board.
>>
>>Before I do - we need a couple of things.
>>
>>1. A name. I'd personally be against anything fancy or non-obvious.
>>But I don't really want to use "Apache Security" as I think it will
>>get too confusing against the security group within the ASF (the group
>
>
>>that looks after security bug reports etc.) "Apache Infosec"?
>>"Apache Secure"? Obviously there is a reason I never went into
>
> marketing :>.
>
>>2. A scope. Probably not hard. "...open-source software related to
>>security..." is a good place to start I suspect :>.
>>
>>I also wouldn't mind to take some first steps as to what we want to
>
> do.
>
>> Obviously set up xml-security and JuiCE, but I'd personally like to
>>see the ASF become a source of best practice for security software as
>
> well.
>
>> Longer term - but an interesting goal for a tlp within the ASF. And
>>if we are going to use this as an exercise in raising interest in what
>
>
>>we are doing inside/outside the ASF, then we want to think about what
>>kind of message we want to give people when the project goes to top
>
> level.
>
>>I'd also like to use it as a central point people can go to in order
>>to see all security related software in the ASF. Not to have projects
>
>
>>like WS-Security under the security project, but to have links to
>>other projects/efforts in the ASF that are related to security
>
> software.
>
>>Thoughts welcome!
>>
>>Cheers,
>> Berin
>>
>>Ben Laurie wrote:
>>
>>
>>
>>>Davanum Srinivas wrote:
>>>
>>>
>>>
>>>>Dear Ben and Dear Ben,
>>>>
>>>>what do you guys think? A Security Federation/TLP/PMC. Starting with
>>>>Apache XML-Security and Apache Juice.
>>>
>>>
>>>It sounds like a very good idea to me, I'd certainly support it. Of
>>>course, we already have a CA. Written in, errr, perl :-)
>>>
>>>Cheers,
>>>
>>>Ben.
>>>
>>>
>>>
>>>
>>>>thanks,
>>>>-- dims
>>>>
>>>>On 3/11/06, Berin Lautenbach <[EMAIL PROTECTED]> wrote:
>>>>
>>>>
>>>>
>>>>>I would be interested in widening it as well - with the proviso that
>
>
>>>>>it is like a federation. I.e. we use it to seed projects then build
>
>
>>>>>them and spawn them into TLPs once they grow to size.
>>>>>
>>>>>I might start sounding some people out.
>>>>>
>>>>>Dims - what's your thoughts?
>>>>>
>>>>>On the subject - having spent the most of Saturday searching for a
>>>>>decent Open Source CA, I'd now be interested in building one that
>>>>>doesn't use &[EMAIL PROTECTED] perl. I.e. do the core in C++ with
>>>>>perl/PHP
>>>>>being used for the interfacing only.
>>>>>
>>>>>Cheers,
>>>>> Berin
>>>>>
>>>>>Werner Dittmann wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>+1 from me.
>>>>>>
>>>>>>Just a comment regarding the charter: is it really only Apache XML
>>>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
>
>
>>>>>>not dependent on XML, maybe other security related software will be
>
>
>>>>>>pop up later as well.
>>>>>>
>>>>>>I would like to see an "Apache Security" PMC that would address all
>
>
>>>>>>kind of security relevant software and act as a solid base to
>>>>>>deliver security functions to other Apache projects. Also we may
>>>>>>think to browse existing Apache projects to see if there is already
>
>
>>>>>>software (maybe even multiply implemented) and pool them here.
>>>>>>
>>>>>>BTW, I would be happy to be a part of this activity.
>>>>>>
>>>>>>Regards,
>>>>>>Werner
>>>>>>
>>>>>>Berin Lautenbach wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Peoples,
>>>>>>>
>>>>>>>Sometime back we talked about becoming a TLP. With the recent
>>>>>>>JuiCE efforts, + JSR 105 + XKMS we are starting to see a few
>>>>>>>different things occuring. I'd be hugely in favour of starting
>>>>>>>something at a higher level in Apache to get some visibility.
>>>>>>>
>>>>>>>I'm also toying with the idea of creating a broader security
>>>>>>>project/federation to encourage that kind of software within the
>
> ASF.
>
>>>>>>>Thoughts?
>>>>>>>
>>>>>>>Draft proposal for the board below. If we want to do this - all
>>>>>>>active committers will need to vote either on this or on a broader
>
>
>>>>>>>(or even
>>>>>>>narrower!) charter terms of reference that we all can agree to.
>>>>>>>
>>>>>>>Cheers,
>>>>>>> Berin
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> WHEREAS, the Board of Directors deems it to be in the best
>>>>>>> interests of the Foundation and consistent with the
>>>>>>> Foundation's purpose to establish a Project Management
>>>>>>> Committee charged with the creation and maintenance of
>>>>>>> open-source software related to XML security technologies,
>>>>>>> for distribution at no charge to the public.
>>>>>>>
>>>>>>> NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>>> Committee (PMC), to be known as the "Apache XML Security
>
> PMC",
>
>>>>>>> be and hereby is established pursuant to Bylaws of the
>>>>>>> Foundation; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the Apache XML Security PMC be and hereby is
>>>>>>> responsible for the creation and maintenance of software
>>>>>>> related to creation and maintenance of open-source software
>>>>>>> related to XML security technologies based on software
>
> licensed
>
>>>>>>> to the Foundation; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the office of "Vice President, Apache XML
>>>>>>> Security" be and hereby is created, the person holding such
>>>>>>> office to serve at the direction of the Board of Directors as
>>>>>>> the chair of the Apache XML Security PMC, and to have primary
>>>>>>> responsibility for management of the projects within the
>
> scope
>
>>>>>>> of responsibility of the Apache XML Security PMC; and be it
>>>>>>> further
>>>>>>>
>>>>>>> RESOLVED, that the persons listed immediately below be and
>>>>>>> hereby are appointed to serve as the initial members of the
>>>>>>> Apache XML Security PMC:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> <!-- List out all committers in format of
>>>>>>> Berin Lautenbach <[EMAIL PROTECTED]> -->
>>>>>>>
>>>>>>>
>>>>>>> NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
>>>>>>> <[EMAIL PROTECTED]> appointed to the office of Vice President,
>>>>>>> Apache XML Security, to serve in accordance with and subject
>>>>>>> to the direction of the Board of Directors and the Bylaws of
>
> the
>
>>>>>>> Foundation until death, resignation, retirement, removal or
>>>>>>> disqualification, or until a successor is appointed; and be
>
> it
>
>>>>>>> further
>>>>>>>
>>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
>
> hereby
>
>>>>>>> is tasked with the creation of a set of bylaws intended to
>>>>>>> encourage open development and increased participation in the
>>>>>>> Apache XML Security Project; and be it further
>>>>>>>
>>>>>>> RESOLVED, that the initial Apache XML Security PMC be and
>
> hereby
>
>>>>>>> is tasked with the migration and rationalization of the
>
> Apache
>
>>>>>>> XML PMC XML Security subproject; and be it further
>>>>>>>
>>>>>>> RESOLVED, that all responsibility pertaining to the XML XML
>>>>>>> Security sub-project and encumbered upon the Apache XML PMC
>
> are
>
>>>>>>> hereafter discharged.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>--
>>>>Davanum Srinivas : http://wso2.com/blogs/
>>>>
>>>>
>>>
>>>
>>>
>>
>
>
