[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Minutes of 3 April 2001 Security Services TC telecon
One correction to the minutes of the last telecon: At 03:09 PM 4/6/01 -0400, Eve L. Maler wrote: >Minutes of the OASIS Security Services Technical Committee telecon >3 April 2001 >... > >Use Case subgroup issues >======================== >- Discuss authorization decisions: > >http://lists.oasis-open.org/archives/security-services/200103/msg00101.html > > Hal: the sticky part has to do with the response. How do we represent > what the question is? PEP-PDP case: If you can ask the question then > you can represent it, and can you use that for the answer? > > Phill: PDP needs to say something more than just yes or no. > There's a thread in the -core list on this. > There's an example in XKMS along this line. > Hopes to get another example out soon. > > summary (Hal): There's a simple, common case(s) that we can optimize. > > Eve: authz decision assertion -- what all does it contain, that's the > question. > > DaveO: We're getting into an area that's controversial and complex. > Maybe we should leave for a later version of SAML. Likes the idea of > keeping things simple at this point and doing just "yes"/"no" at > this time. Content negotiation in HTTP and difficulties thereof is > an example of the complex stuff. > > Phill: seconds that, content negotiation was not implemented correctly > across implementations. > > Eve: Sounds like the concern is legitimate. > > Phill: Wants to avoid an elaborate choreography, but a bit more than > yes/no might be workable. E.g., the "respond" element from XKMS that > he's waved around in the Core subgroup. A rules-based engine ought > to be able to return more than yes/no. Can only really standardize what > the intersection is of all the models. > > > Hal: Pose question to group "is it NOT worth our time to try to propose > specific stuff in this area?" > > Eve: Thinking along DaveO's lines that we shouldn't go down this path. > > Darren, Irving support Eve: XACML is perhaps doing this stuff. > > Eve: burden of proof is on those who can produce scenarios where simple > yes/no answers aren't sufficient. > > ? - an example is scaling issues in database apps -- ask for yes/no on > each item in a large result set? This was Ken Yagen. ... >Attendance >========== >MEMBERS >Stephen Farrell Baltimore >Patrick McLaughlin Baltimore >Irving Reid Baltimore >Alex Ceponkus Bowstreet >Krishna Sankar Cisco Add Ken Yagen of CrossLogix. >Brian Eisenburg DataChannel >Hal Lockhart Entegrity >Carlisle Adams Entrust >Alex Berson Entrust >Bob Griffin Entrust >Tim Moses Entrust >Ed Simon Entrust >Nigel Edwards HP >Joe Pato HP >Jason Rouault HP >Maryann Hondo IBM >David Orchard Jamcracker >Gilbert Pilz Jamcracker >Alan Brown MS >Marc Chanliau Netegrity >Prateek Mishra Netegrity >Adam Prishtina Netscape >Jeff Hodges Oblix >Charles Knouse Oblix >Steve Anderson OpenNetwork >Duane Hamilton OpenNetwork >Michael Lyons OpenNetwork >Mark Griesi OpenNetworks >Eric Olden Securant >Darren Platt Securant >Eve Maler Sun >Ron Monzillo Sun >Aravindan Ranganathan Sun >Mark Vandenwauver Tivoli >Ron Williams Tivoli >Bob Morgan UWashington >Warwick Ford Verisign >Philip Hallam-Baker Verisign >Thane Plambeck Verisign >Jeremy Epstein webMethods -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Development eve.maler @ east.sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC