[Members] First XSF Certificate Meeting

Peter Saint-Andre stpeter at stpeter.im
Mon May 11 17:13:49 CDT 2009

Hash: SHA1

On 5/11/09 3:21 PM, Nathan Fritz wrote:
> XSF Members,
> What: Meeting to start Compliance Certificate process

"Certificate" makes me think of X.509. Perhaps we could call it
"Certification" instead.

> Who: the XSF Members
> When: Thursday, May 21st at 1800 GMT

Added here: http://xmpp.org/xsf/XSF.ics

> Where: xmpp:foundation at conference.jabber.org?join
> <http://xmpp:foundation@conference.jabber.org?join>
> Quote: "the XSF is useless -- what's the point of compliance levels
> without compliance certification?!?" -PSA

I was only half-joking. :)

> A couple of years ago, the Council started creating yearly XMPP
> Client/Server Compliance levels as XEPs (XEP-0211, XEP-0212, XEP-0213,
> XEP-0216, XEP-0242, XEP-0243) to publish the XSF's expectations for IM
> servers and clients that claim to be XMPP compliant. While a good first
> step, these compliance XEPs are worthless without certifications for
> compliance.  These certifications would not be limited to the Council's
> compliance XEPs, but could include specific XEPs and RFCs.  This means
> that we, the XSF Members, will be responsible for determining which XEPs
> to create certificates for, gathering tests and criteria for a piece of
> software to pass a certificate, performing the testing (automated and
> brute force alike), awarding compliance certificates, and maintaining
> existing certificates.  During next week's meeting we will determine our
> first set of XEPs to create certificates for, discuss the criteria for
> awarding certificates in general, and discuss how this should apply to
> XSF membership.  As one of the action items following this meeting, I
> will call a vote for the XSF members to determine whether we should have
> a process for awarding compliance certificates.

Another action item would be to research open-source testing tools.
Perhaps http://www.opensourcetesting.org/ has some useful links.

It seems to me that we'd want to develop an extensible approach that
enables XSF members and interested others to write their own test sets
for XMPP functionality. Something scriptable comes to mind. :)

> In the meantime, please think about what XEPs we should initially offer
> as certificates.  I propose that XEP-0242, XEP-0243, XEP-0060, and
> XEP-0163 should be our initial set of certificates, and I will defend
> that during the meeting.  Also, think about what tests you can
> contribute including automated wire tests that you have access to and
> methods that you use for manually testing features.  We will likely need
> to make a call out to the greater community for additional automated
> tests that will help for specific XEPs that we choose to create
> certificates for.  I personally am working on a large test harness for
> XEP-0060 that I hope to have finished in time for the San Jose Summit.

What's the general approach behind your test harness?

> In the end, I hope it will become part of the core responsibilities of
> the XSF members to develop these certificates, actively test
> implementations, and award developers for being compliant with specific
> XEPs.  XMPP software developers should reach out to us to get their
> products certified and we could reach out to software developers to
> encourage them to get their servers and clients certified.  They should
> be able to display their certification proudly on their product pages.

That all sounds wonderful. :)

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Members mailing list