Subject: [xacml] Minutes of Feb 25 policy model subcommittee concall
Hi, below are the minutes. Sorry for the delay, I've been swamped Tue and Wed. I had promised the note mentioned in the minutes by today; I'm a bit behind. Will send it out by the weekend definitely.

best
-p

===============================================================
MINUTES OF THE POLICY MODEL SUBCOMMITTEE (MONDAY, FEB. 25 2002)
===============================================================

PRESENT
* Carlisle Adams (Entrust)
* Anne Anderson (Sun)
* Hal Lockhart
* Pilz Gilbert
* Fred Moses
* Ernesto Damiani (Unimi)
* Simon Godik
* Pierangela Samarati (Unimi)
* Tim Moses (Entrust)
* Michiharu Kudoh (IBM)
* Sekhar Vajjhala

---------------------------------------------------------------

We continued going over Tim's document v.0.9, pointing out aspects that needed discussion.

* Page 10, examples. Simon draws attention to resource, where the matching rule for the resource refers to the request. Simon proposes that the resource be written in a request-independent manner. The point Simon makes is that while in SAML the resource is just a string, XACML should suggest a structure. Hal comments that while it is good to retain a simplified structure, we should not be tied to SAML as a specific way of expressing requests. In other words, we need to be compatible with SAML, but should not be tied to it. Carlisle replies that we actually have that in the charter. Hal says we should be compliant, but we should ask SAML to define a more sophisticated request. Simon says that the SAML way of expressing resources as a string is limited. For instance, what is the resource in the case of XML documents? How do I go fine grained? Ernesto comments that we should not have a sophisticated resource encoding if SAML does not support it. This can be a parallel effort to influence the next version of SAML.

****** ACTION: round of email to see what others in the XACML list think. (Simon champion)

Again on the examples, Simon comments that attribute reference should be tied to the object. It's a question of tight coupling or loose coupling of the policy with the request. (This issue will be discussed in relationship with the one above.)

* [page 11, lines 420..422] Arithmetic operators. The issue was discussed at the F2F, where Sekhar said he would look at it. Sekhar reports that he could not complete it. Hal comments that we will need black box functions: for instance, matching a subject requestor to something in a record requires some sort of private functions; no set of simple operators that we can define will be good enough. Ernesto, while agreeing on this, comments that it would be useful to have at least the simplest arithmetic operators be part of the language.

****** ACTION: Ernesto, Simon, Tim to look at arithmetic operators and report to us.

* Anne says that it would be good if we had one or two examples of SAML authorization decision queries, for instance one that should be answered with a permit and one with a deny. They would provide more concreteness in the discussion.

****** ACTION: Tim to add the examples.

* Figure 1. Anne points out that changes are needed. Since the figure should reflect the model (which is now under discussion), it is agreed to postpone this until the model is finished.

* Follows a discussion on the format and semantics of
  - rules
  - policies
  - metapolicies
One of the major points in the discussion was the current proposal in the document that a policy could be a boolean expression of rules. Pierangela points out that the semantics of such a boolean expression seem not to be clear, and while boolean expressions (or rather AND and OR) seem to be needed for combining policies, they seem not to be needed for combining rules within an elementary policy.
****** ACTION: Pierangela to send out a document summarizing possible solution/s taking into account discussion on policies of last concalls as well as msg exchange.