[xacml] XACML May 2, 2002 Minutes

[Ken Yagen <kyagen@crosslogix.com>]

Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, May 2, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998

 

Minutes of Meeting

 

Summary

Progress of Schema Subcommittee and Milan Face to Face was reviewed. An issue has come up between the XACML schema and context which was SAML schema but some are proposing now should be a standalone schema with mappings to SAML and other contexts. A vote on whether to proceed in this way is expected at the next conference call. Security and Privacy was discussed and suggested it is mainly a trust issue and should not be in the architecture and an approach similar to SAML should be taken and provide some guidelines. The schedule and our status was also discussed. Clarification of the OASIS process and the length of time required was given. Suggestions were made we create a committee spec by June 1, work on implementations and submit September 1. If we have another F2F, it needs to be firmed up before next TC call.

 

Action Items

1. (from 4/18 action items) Hal to take over section 6 of spec and produce something in next 2 weeks
2. (from 4/18 action items) Move action item for XACML primer by Hal/Konstantin to calendar with date of 1 month from today (5/16)
3. Michiharu and Anne to update descriptions of example applications, specifically for XML documents and J2SE after next schema released.
4. Simon to post minutes of a discussion held at F2F on context issue
5. Vote on whether XACML should have its own context schema at the next conference call.
6. Michiharu to post description of IBM patent on mailing list.
7. Vote to officially sanction the Joint Security Committee
8. Decide on date (early to mid June) and location of next F2F by 5/10.

 

Votes

None. Minutes of 4/18 were approved at F2F.

 

Proposed Agenda:

10:00-10:10 Roll Call and Agenda Review

10:10-10:15 Vote to accept minutes of April 18 meeting (depending on quorum at F2F)

http://lists.oasis-open.org/archives/xacml/200204/msg00119.html

10:15-10:25 Review of Action Items (see 4/18 minutes)

10:25-10:40 Report of Schema Sub-Committee; summary of F2F meeting

10:40-10:50 Discussion of Overall Status

(in particular, are we still on track for June 1st submission to OASIS?)

10:50-11:00 Discussion of next face-to-face meeting:  is there need?  is there time?

 

Roll Call

James MacLean, Affinitex

Simon Godik, Self

Ken Yagen, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Don Flinn, Hitachi

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Polar Humenn, Self

Ernesto Damiani, University of Milan

Sekhar Vajjhala, Sun Microsystems

Anne Anderson, Sun Microsystems

 

Raw Minutes (taken by Ken Yagen)

Agenda Review

Michiharu - Update on IBM IP

Ken - Roll Call from F2F; In minutes, had quorum and voted to approve 4/18 minutes

 

Previous Action Items from 4/18

1. Carlisle will take roll at F2F and send to Ken

Complete

2. Move action item for XACML primer by Hal/Konstantin to calendar with date of 1 month from today (5/16)
3. Carlisle to ask Michiharu to post description of IBM patent to email list

Update later on this call

4. Hal to take over section 6 of spec and produce something in next 2 weeks
5. Michiharu and Anne to develop description of example applications, specifically for XML documents and J2SE [ed: Is this action item still open or resolved?]

Anne posted 3 approaches. Will update after reviewing next schema update; Michiharu will update his as well.

6. James to send writeup to Polar or list on Security and Privacy for discussion at F2F.

Discussed at F2F.

James - interested in getting some discussion on conference call. From meeting minutes, got a since privacy concerns are not in scope in XACML.

Simon - there was a vote that at least signing portion is not in scope of XACML spec. Don't remember about encryption or anything else. Maybe have a non-normative section will be enough.

Carlisle - Will discuss with summary of F2F later in call.

7. Members who believe an issue is ready for closure should post resolution to the list for discussion and voting.
8. Ken to incorporate voting results and Simon's issue list in Issue List and publish by end of day 4/18/02

Complete

9. Tim to rework combiner algorithm section in spec to reflect discussion and consensus that we use English explanation and pseudocode to explain (not specify) deny overrides.

Don't know if done yet, but should be in v13 next week

10. Tim to add change tracking in future versions of spec.
11. Carlisle will look into dial in capability, internet access at university, contact numbers for face to face.

 

10:18 AM EDT

Report of Schema Subcommittee and Summary of F2F

Working bottom up to create XML Schema

Issue between XACML schema and context which used to be SAML schema but now want to see it able to be used in standalone way. Discussed how to refer to this context. Michiharu presented a proposal and agreed to look into that and possibly take a vote soon. Michiharu sent proposal to list on this. Would like to hear comments from Tim who was not at F2F. Simon was to post minutes of a discussion held at F2F.

Konstantin - can XACML be used without XML because XML is just an model for marshalling.

Carlisle - XML is only means we have of expressing our model, so not sure what you mean.

Konstantin - Creation of model and then mapping into XML

Hal - Expect it will get to a point that specific of semantics around expression will have a dominant effect. Shared goal that applicable to namespaces that don't otherwise use XML. Regarding SAML, don't see an issue with it, strikes me as possible that we can still go forward and make suggestions to SAML to support XACML. See decouple of revision process of a good goal.

Carlisle - we've talked about an input and response context for XACML. For obligations, example. It's reasonable to take that to SAML.

Don - Also rational that other models could interact with XACML - ie J2SE and CORBA.

Hal - It's my belief that SAML is completely general and could be used with CORBA, etc.

Simon - Need normal form to reference attributes without being tied to specific form of SAML. Side effect context will replicate every element in SAML schema.

? - Will XACML context be an extension of SAML?

Simon - self contained schema. Can distinguish different pieces, can refer to attributes, etc. Can write different profiles for SAML versions and other contexts like J2SE using transformation. But have to redefine almost everything already defined in SAML.

Ken - Decoupling sounds like a requirement that XACML should be usable as a standalone language.

Hal - Think this has been a requirement from the beginning. Original use case to use XACML to export representations of policy, not necessarily evaluate it. Lot of possible definitions of using SAML from using a specific profile to using any element of SAML syntax. Would the use of inputs in the form of context representation be a conformance point? Would we test against the ability to accept inputs in this form to accept policy. Would drive people using other schemes to do an internal conversion step to use this format. Forces a certain design.

Simon - is a conformance point

Hal - Suppose I build a PDP and get information from CSIv2 on principal. If forced to be conformant, must reformat CORBA construct in XACML and pass to engine. Would simplify design but impact performance.

Carlisle - Before assumption was input in SAML format and would have to do that anyways.

Simon - Requirement is being able to understand the policy.

Hal - Don't understand point of redoing all of SAML

Simon - Need to mimic all assertions from SAML, trimmed down but similar.

Hal - Why can those that are the same be done by call by reference?

Ernesto - If we want them part of our schema, will have XACML namespace as part of name. Could be perfect reproduction but change of namespace only.

Carlisle - Took straw vote at F2F. Still too early to take vote. Perhaps at next conference call

Ken - Any discussion of how this would impact the schedule?

Carlisle - Want to discuss in a few minutes.

 

10:43 AM EDT Security and Privacy

Polar - came down to fact that largely based on trust of PDP. PDP would authenticate its clients and anybody using it would have to authenticate it. Trust decisions must be made about sensitive data sent to the PDP and confidentiality. If you have sensitive data, maybe have encryption or don't give it the sensitive data. Nothing we can put in architecture.

Hal - Was firm agreement need to confidentiality protect XACML policies. Approach was to embed policy in their choice of external mechanism like SAML. Given new approach, how would this be done? Integrity protection is something people will want. Confidentiality will be needed as passed around.

Anne - Won't that be handled by a layer outside of XACML itself. i.e. XML DSig, XML Encryption.

Hal - SAML also passed on it to these layers.

Carlisle - Signing a policy. Rules in there can be referenced. Signature might cover referenced rule or rule itself. What if you only have part signed and part unsigned. Which part (or all) do you trust? Decision was we need to be silent on that

Hal - SAML silent as well. Should provide some guidelines about how to combine with these elements.

Anne - Normative examples for XML DSig

Hal - Separate issue of saying we have a policy representation and need to provide metadata around it (date, time, security protections, ...) and you embed policy in something else, but would illustrate by making it specifically a SAML statement and using SAML date of issue, etc.

Anne - would we redefine saml assertions or just an XACML attribute?

Simon - one issue how context looks like. Will defined everything need in schema. Second issue, profile for SAML and use SAML mechanisms there.

Hal - This is not a SAML profile. There is general agreement we need to provide basic capabilities around policy expression (metadata). Last time, said would derive new SAML statement type and use existing SAML machinery as way to protect our policy document.

Konstantin - Do we want to address this issue by June 1^st or wait until after release 1.0 (context issue). Public commentary on policy schema

Simon - Interoperability issues will exist

10:54 AM EDT Process check on time; Issue tabled

Michiharu update on IBM IP

IBM one patent is published in Japanese patent office. Explained contents at F2F. Have not posted info to mailing list but will do it soon. Told by IBM IP person, they found that one US patent is published from US patent office. Not translation of Japanese patent, but is a counterpart to the Japanese application. Will post information to list. These are applications, not issued patents.

 

11:00 AM EDT Status Discussion

SAML schedule - June 1 send standards to Karl Best and he reviews

July 1 - go to OASIS members to review

July - Sept - 3 month review process

30 day voting begins October 1

November becomes OASIS standard.

Hal - at beginning of process becomes committee specification so to enter process need three organizations implementing it.

Carlisle - Have remainder of month to get spec entirely in order and three companies attesting to using specification. If miss June 1 deadline, Sept 1 is next window.

Polar - will anyone have anything ready by June 1?

Simon - additional work of XACML context is not a lot of work

Polar - Too much to do by June 1.

Hal - We can make it a committee specification at any point.

 

Hal - item need to raise. Need to officially vote to sanction the Joint security committee. Could wait until next meeting to do so.

 

Carlisle - Make committee spec June 1, work on implementations over summer and submit Sept 1.

 

Carlisle - Look sometime early to mid June. Let's firm this up sometime before next TC conference call. Perhaps by end of next week. (5/10)

 

Symposium of Access Control Models in Monterey in June (SACMET)