[xacml] XACML November 1, 2001 Minutes

[Ken Yagen <kyagen@crosslogix.com>]

Title: XACML Conference Call

XACML Conference Call

Time: 10:00 AM EST

Tel: 512-225-3050 Access Code: 65998

Minutes of Meeting

 

Summary

Progress has been made on the glossary and it should be completed by the scheduled deadline. Policy Model subcommittee also appears to be making progress and we voted to accept their charter but neither Simon or Pierangela were on the call and no minutes were available from this past meeting. Tim volunteered for conformance chair, but Intellectual Property and Coordinating Editor (currently Ernesto) are still open issues. There was discussion and concern about the next face to face. We didn’t seem to have consensus on the voting. More discussion on the list is encouraged and Hal and Carlisle will try to find a solution, potentially using videoconferencing and multiple sites. We should expect to have one additional F2F meeting in Q1 to meet our schedule of March 1 submission. It was agreed that a full draft of the submission would be needed by February 1 to meet this. There was discussion of conformance and reference implementations as well. It’s not entirely clear if the submission needs to include these as well as security considerations and other non-normative stuff.

 

Action Items

1. Michiharu needs to update the website for the new positions: Ken for Issues List Maintainer and also the Policy Model and Security and Privacy Subcommittee chairs. (and Conformance)
2. Ken will ask Simon to post the minutes when he returns from vacation on Monday
3. Need an Intellectual Property Chair
4. Determine if Ernesto is still capable of handling the coordinating editor position since he is not just an observer.
5. Tim will update with new email comments and schedule call for next week at 10AM EST on Monday.
6. Hal will look into videoconference facilities for next F2F so we could support 2 meetings in SF Bay Area and Boston working together.
7. Tim agreed to chair the Conformance Subcommittee
8. For next F2F we will have a couple more days of email comment and then Carlisle and Hal will put something together.

 

Votes

1. Accepted the minutes from October 8, 2001 meeting
2. Approved Policy Model Scope Pierangela submitted with provision in conform with the Glossary and noting that while SAML is not specifically mentioned in the scope it is already in our charter that we will work closely with SAML.

 

Raw Minutes (taken by Ken Yagen)

 

Proposed Agenda:

10:00-10:10 Roll Call and Agenda Review

10:10-10:15 Vote to accept minutes of October 18 meeting

10:15-10:20 Report of the Glossary Committee

10:20-10:25 Report of Policy Model Committee

10:25-10:35 Discussion and Vote to Accept Policy Model Scope

http://lists.oasis-open.org/archives/xacml/200110/msg00122.html

10:35-10:45 Discussion of Face to Face

10:45-11:00 Discussion of proposed Schedule and Milestones

01-Nov-2001 - Policy Model Scope Agreed

09-Nov-2001 - Initial Glossary

14-Dec-2001 - Draft Policy Model complete

01-Feb-2002 - Draft Policy Model and Schema complete

01-Mar-2002 - Final Policy Model and Schema Submitted to OASIS

 

10:07 Attendance

Ken Yagen, Crosslogix

Hal Lockhart, Entegrity

Fred Moses, Self (no longer Entitlenet)

Carlisle Adams, Entrust

Alex Berson, Entrust

Tim Moses, Entrust

Michiharu Kudoh, IBM

Christopher McLaren, Netegrity

Bill Parducci, Self

9 Attendees. Quorum reached.

 

Discussion about whether a meeting that does not meet quorum counts towards membership. The consensus is yes it does for both prospective and regular members. Hal will speak with Karl for further clarification.

 

10:15 Agenda Review

Carlisle asked we talk about committee leadership

 

Ken: Brought up the issues list and asked for members to please send him their issues.

Hal mentioned in SAML he gleaned the minutes of meetings for the issues. It is a judgment call in many cases. Pick issues you think will be around long time and will be debated before settled. Subcommittee chairs would package up their issues and submit them.

 

Michiharu needs to update the website for the new positions: Ken for Issues List Maintainer and also the Policy Model and Security and Privacy Subcommittee chairs.

 

10:19 Motion to accept the minutes from October 8, 2001 meeting, no discussion or debate, approved

 

Hal: Intellectual property – was there a volunteer? Still open and unfilled

Carlisle: Ernesto is the coordinating editor but has dropped to observer– can that be addressed?

Hal – Ernesto is on the policy model core calls, but not sure how great his participation can be. Simon and Pierangela will likely be drafting the model.

 

10:22 Reports

Hal: Policy Model SubComm Report: No minutes published from Monday PM Call. Agreed to take Pierangela’s document and accept it as scope of work of policy. At meeting there was discussion of details of model. Have been some agreement on terminology and concepts. Positive feedback with glossary activity. Think Simon took minutes of meeting.

 

Ken will ask Simon to post the minutes when he returns from vacation on Monday

 

Tim: Glossary Report: put together version one two weeks ago. Call last Friday, some things we thought were clarified were not in retrospect. Issued revised version and more discussion on list. Planning to reissue version attached to version of language proposal from Carlisle modified to be consistent with glossary. Will update with new email comments and schedule call for next week at 10AM EST on Monday. Look for and read what Tim puts out today.

 

Hal – We have this conference number available at any time for calls.

 

10:30 Policy Model Scope

Hal – description of what is the policy model.

Motion to approve Policy Model scope Pierangela submitted

Comments and discussion

Carlisle – no timetable/schedule in charter. Is subcommittee happy with that?

Hal – figure out what we need to do and then figure out time and considerations

Bill – PM put together estimates?

Carlisle – does charter line up with glossary?

Tim – little work but not far off. No mention of SAML?

Hal – mention we expect to propose enhancements to SAML? That’s in our charter of TC. Add a provision to bring in line with glossary as it evolves.

Carlisle – what is meant by entity as in “entity inside of rules”

Tim – Components of model that need to be referenced. Think entity being used to include attributes of components of model.

Hal – Objections? Motion passed with glossary provision but without modifying to mention SAML or schedule. We should note that SAML is not specifically mentioned because it is already in our charter that we will work closely with SAML.

 

10:38 Face to Face

Hal – Seem to be constrained where people can travel. Thought LV had a plurality (4) but responses all over the map. Non-US probably don’t care where in US from Japan or Italy.

Michiharu – I cannot make another F2F this year.

Carlisle – can we make quorum? Do we need it?

Ken – suggested video conference with east and west coast meetings joined by video conference from Boston and Bay area.

Hal – costs and facility maybe an issues but probably worth pursuing.

 

Hal will look into video conference facilities

.

Bill – Let’s have one more plea on mailing list then pursue alternatives.

 

10:45 Schedule Milestones

Hal – Ken added Conformance and Security and Privacy considerations ideas for milestones

Carlisle – Who is heading up conformance?

Hal – Do we need conformance? We have schema and semantics but no real protocol. Can create or absorb an instance. How do you test do the right thing?

Tim – bundle of assertions and policy and spec says whether grant or deny. Perhaps you go back and pick examples from use cases and requirements and ask for those to submit examples.

Hal – need a champion. Tim are you interested?

Tim – perhaps, tentatively.

Ken – can help out but no bandwidth right now.

Hal – should it involve the use of SAML?

Tim – assemble PDP pieces – authz query, policy and response grant or deny

Hal – possible use of SAML to automate it. Easier to observe.

Ken – and supports charter

Tim – put me down as responsibility

 

Tim agreed to chair the Conformance Subcommittee

 

Hal – milestones – PM Scope agreed, one more week on the glossary seems okay. Scope suggests work out policy in English then representation. By 2/1 have something pretty much right but errors, tweaks then have 1 month to do that.

Ken – 2/1 complete submission document, not just model

Hal - Do non-normative items need to be approved in same cycle (conformance, security considerations)? Assume what you give them is up to you. Would make sense to characterize it as a draft of submission.

Carlisle – if we want them in that draft, then they should be at the same time, otherwise separate.

Ken – suggest submit what’s needed to approve and extend deadlines for everything else.

Hal – SAML, working interoperating implementations was important.

Ken – when do we need working implementations for XACML?

Hal – Part of submission must be certification by three members as successfully using it. (Process document section II has 7 provisos).

Ken – I suggest everyone read the Oasis process document

Ken – ask if we have 3 members that can do it by then.

Carlisle – sounds like we can do that.

Hal – self members do count for implementations.

Bill – Fred and I maybe can team up to create reference implementation.

Carlisle – concerns about holding those extra F2F meetings.

Hal – probably just plan one F2F in first quarter.

For next F2F we will have a couple more days of email comment and then Carlisle and Hal will put something together.

 

11:05 Motion to adjourn.