[xacml] XACML August 22, 2002 Minutes

[Ken Yagen <kyagen@crosslogix.com>]

Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, August 22, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998

 

Summary

The committee reviewed the open action items and voted to close the resolved issues from the Issues List. It was agreed upon that the SAML profile should be a separate, normative document. There have been numerous change lists posted to the mailing list and we discussed how to resolve these. A formal issues list will be put together by Anne based on these postings and they will be discussed and hopefully resolved on Monday. Meanwhile, Tim will get a version 17 spec out containing general document edits by Tuesday. There was also discussion on the wording in the charter requiring all input and output be SAML compliant and new text will be proposed and voted on to replace that section of the charter that clarifies our SAML position.

 

Action Items

1. Michiharu to provide XPATH usage examples by end of day Friday 8/23
2. Propose posting proposed solutions to list and table until next TC call.
3. [Anne, mid-Sept 2002] Get comments to Tim on profile for using LDAP to store policies.
4. [Anne, mid-Sept 2002] Update XML Digital Signature profile.
5. [Anne, mid-Sept 2002] Send proposal for SAML changes based on our Context to XACML TC list.  After TC review and modification, we will send it on to SAML.  Deadline for this is SAML's deadline for finalizing their list for 2.0.
6. Tim will incorporate SAML split (delete) and editorial changes into a version 17 of the spec by Tuesday 8/27
7. Anne volunteers to pull out outstanding change requests from current mailing list
8. Hal to propose new wording of the last paragraph of charter before next Thursday.
9. Michiharu to convert XSLT to minimal for used for conformance cases (Lower Priority)
10. Separate SAML document to be created (Lower Priority)
11. XACML primer needs to be completed in Sept (Lower Priority)

Votes

Vote to separate SAML profile out into separate document passed

Vote to approve minutes of 8/15 meeting passed

Vote to change wording of charter tabled while wording is revised by Hal

 

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review

10:05-10:10 Vote to accept minutes of August 15 concall

http://lists.oasis-open.org/archives/xacml/200208/msg00045.html

10:10-10:15 Review of Action Items (see 8/15 minutes)

10:15-10:20  Vote to approve proposed resolutions on Issues (Ken)

10:20 - 10:50 Discussion of v0.16 change requests (Tim)

10:50 - 10:55 Discussion of "SAML inputs" in charter wording (Carlisle, Anne)

10:55 - 11:00 Discussion of schedule for Committee Spec and OASIS submission (Carlisle)

 

Roll Call

Ken Yagen, Crosslogix

Daniel Engovatov, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Tim Moses, Entrust

Don Flinn, Hitachi

Michiharu Kudoh, IBM

Simon Godik, Overxeer

Polar Humenn, Self

Anne Anderson, Sun Microsystems

 

Raw Minutes (taken by Ken Yagen)

10:03 Roll Call

10:05 No changes to agenda

10:05 Motion to approve minutes of 8/15 meeting

10:06 Action Item Review

 

Submit items to Tim for v16 as specified in these minutes

Complete.

 

Don to post threats for security and privacy text by Tuesday 8/20

Complete. Don suggests to add to end of S&P section like SAML did.

 

Anne and TC will look at XACML extensibility points sections again and decide if needs to be revised

Complete. Anne sent out a revised section

 

Bill update UML diagrams by Friday 8/17

Complete

 

Michiharu to provide XPATH usage examples

Have not completed. Asked what section it belongs in? Suggestions of attribute selection or examples section. Agreement is the examples section and to keep it as small as possible. Will complete and submit it by end of day Friday (8/23)

 

Michiharu to convert XSLT to minimal for used for conformance cases

Have not completed because lower priority. Michiharu also has a proposal to reorganize section 7 and move XSLT template to appendix section that discusses SAML. This would essentially eliminate section 7 unless we needed to say something about digital signatures (the other profile). Another suggestion to make SAML profile a separate document.  Removes any confusion about stability of XACML due to extensions requested of SAML.

Vote to separate SAML profile out into separate document

 

Simon will publish 16g schema with changes voted on during call

Complete

 

Tim will publish v16 spec Friday 8/16

Complete

 

 [Anne, 21 Aug 2002] Conformance Tests:

Some was waiting on Daniel and Polar to complete functions.

Anne suggests remove description of test suite and just state it is available. Test suite is an aid to developers who wish to attest to conforming to XACML. It is not required and Simon feels language should be made clearer to communicate that. Wording says that it is required for attestation of successfully using but not for conformance. Test suite is not as broad as conformance table. Attesting of successful use means you are passing the test suite. Conformance is determined independently. Hal suggests it should be the other way around. Anne said we want to avoid it seeming like a branding program. Other committees have not been concerned about interoperability or completeness in determining attesting of successfully using. Are the three implementers going to implement the complete mandatory sections?

Propose posting proposed solutions to list and table until next TC call.

 

 

10:32 Motion to approve resolutions to issues in issues list approved

 

10:33 Change Requests

Tim has ironed out inconsistencies he found in document. There has been a lot of discussion on the mail list. How to include that? Could cut and paste from mail list and add with change bars. Another possibility is to get 2-3 people together to hammer out next version as a small group. Expect we need at least two more versions. Some of the reviewers have divided there changes into simple editing and inconsistencies and the more controversial change lists. Should we consolidate them into an issues list to be discussed and voted on.

Anne volunteers to pull out outstanding change requests from current mailing list submissions and create an initial issues document immediately following this meeting. Tim will incorporate the editorial/non-controversial issues into the spec v17 by Tuesday.

Discussion will happen on Monday's call. Will decide Monday if another call is needed before next Thursday.

 

10:50 Wording in charter discussion

Wording refers to SAML conformance for inputs and outputs. We do provide a transformation for SAML so this should satisfy the point. Charter states that all inputs

Replace last paragraph of charter with:

An XACML PDP must be capable of accepting SAML conformant inputs and producing SAML conformant outputs.

Don't want to require PDP to pass SAML conformance test cases. It should be a constraint on the specification, not the PDP itself. Hal volunteered to wordsmith a proposal. Motion to vote, but tabled in favor of new wording.

 

11:00 Scheduling

Committee specification by 9/1

Sept - Nov review specification and allow implementations to proceed. Make any changes as reviewed by committee if they come up.

Suggestion to open spec for public review for a couple weeks. Suggestion to get tutorial information out in non-normative document first aka the primer that Hal and Konstantin were chartered with.

Submit on December 1 (unless Oasis changes rules of submission to allow earlier)