Colleagues, It appears that we will not have at least three organizational members willing to attest that they are "successfully using" the XACML 1.0 Specification by 12/13/02. This will prevent our advancing the specification toward standardization for at least another month. I propose that we vote to redefine "successfully using" at our meeting on 12/12/02. Currently, by XACML TC definition, "successfully using" means "having an implementation that passes the XACML Conformance Test Suite". My proposal is to drop our TC-specific definition of "successfully using". "Successfully using" will mean simply that, in the attesting organizational member's opinion, the organization is successfully using the XACML 1.0 Specification. I believe such a redefinition is reasonable. My reasons follow. A. No other OASIS TC has stated that "successfully using" requires an implementation. The XACML requirement is self-imposed, not required by OASIS rules. B. At least one member is unwilling to admit publicly to having an implementation for fear of exposing themselves to selective legal action by one or more purported IP holders. C. At least one other member is unwilling to state, as required by the current OASIS IPR Policy (only where implementations are required) [
http://www.oasis-open.org/who/intellectualproperty.shtml ], that they "have taken adequate steps to comply with any such rights, or claimed rights". D. At least one other member has not implemented every feature of the language, although the implementation is well along. You may not agree with the reasons stated in B and C, but the fact is, there are at least two members who will not be attesting this month for those reasons. I think requiring implementations that pass conformance tests for a specification to become a standard is a VERY good idea; so good that I wrote the conformance tests myself. However, my reasons for requiring implementations have been satisfied without making an implementation necessary for an attestation of "successfully using": 1) There are at least two full implementations of XACML, one by an organizational member (Sun), and one by an individual member. Both pass the full Conformance Test Suite. 2) There several other implementations that are well advanced, but not yet complete enough to pass the full Conformance Test Suite. 2) There are many organizations that have carefully scrutinized the specification, as evidenced by the comments we have received during our public review period. None of the commenters has stated that the specification is not implementable, especially not after we resolved the issues in the comments. Anne Anderson -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692