
Subject: RE: [xacml] Minutes of focus group meeting - 27th Feb 2003


Addendum ...

Anne reminded me that Maryann Hondo has also indicated her desire to
participate in the WSPL activity.

Bill Parducci contacted me to indicate that he and Geff Hanoian of Overxeer
are interested in participating in the LDAP binding work.  He is also
interested in working on an RDBMS schema.

All the best.  Tim.

-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Thursday, February 27, 2003 11:45 AM
To: 'XACML'
Subject: [xacml] Minutes of focus group meeting - 27th Feb 2003


XACML Focus group
27 Feb 2003
By teleconference

Present:
Anne Anderson
Simon Godik
Steve Crocker
Tim Moses

Purpose:
Define new work items, assign leaders and identify interested parties.

Summary:

The following work items were agreed.

1. XACML 1.0+: RFE's based on actual usage
   a) Fully specify hierarchical resources [Simon lead; Satoshi,
      Michiharu participate]
   b) Define new combining algorithms for deterministic
      Obligations. [Michiharu lead]
   c) ebXML: Allow references to Rules (as we now allow for
      policies and policy sets) [Anne lead]
   d) Incorporate fixes for errata [Simon lead]
   e) Condition reference: From the policy, a specific "condition"
      is referred to by using conditionID attribute that is
      defined in the <Condition> element. [Michiharu lead]
   f) Properties for new combining algorithms [Michiharu lead]
   g) Obligations in rule element [Michiharu lead]
2. Profiles and bindings
   a) SAML: revised AuthorizationDecisionStatement,
      AuthorizationDecisionQuery, Response to support XACML
      Request and Response Context [Simon lead; Anne and Hal
      worked on this; Anne will send notes to Simon]
   b) XMLDSig: how to sign XACML policies, requests, responses
      [Anne lead; Simon participates]
   c) LDAP:
      1) how to store and retrieve policies using LDAP [Tim lead]
      2) how to store and retrieve attributes using LDAP [See
         RFC2256 and RFC2798 for schemas]
   d) ebXML: [Track, but let ebXML people do this]
      1) how to store and retrieve policies using ebXML
      2) how to store and retrieve attributes using ebXML
   e) Transport protocols (in addition to SAML wrapper)
   f) Define a set of domain-specific identifiers (action,
      combining algorithm etc.) that are used in well-known
      domains e.g. UNIX ACL, Windows, database ... [Michiharu lead]
   g) XACML Lite: how to manage subset profiles of XACML for
      particular environments [Steve lead]
3. Additional Conformance Tests [Anne Anderson, lead; have
   process for accepting contributions from all]
4. XACML Extensions
   a) Web Services Policy Language (WSPL) [Anne lead; Tim, Simon
      participate]
   b) Information about how/where to obtain policies and
      attributes; how to authenticate them (e.g. trust anchors)
      [Anne]
5. XACML Primer [Anne to ask Sun if willing to submit open source
   doc for this]
6. XACML Implementer's Guide [drop; no interest expressed]
7. XACML for privacy policies (exploration of whether and how
   XACML can be used to express privacy policies) [Carlisle lead;
   Bill, Simon]
8. Add list of implementations to TC Web Site [Michiharu]

Discussion:

EbXML - Sun's expert in ebXML is prepared to define how XACML can be used
with the ebXML framework, including distribution in ebXML repository.  The
role of the XACML TC will be to review the proposal.

XACML profile.  Steve Crocker is interested in defining a framework for
describing subsets of XACML that are tailored for particular environments.

Anne described her proposal for extending the suite of conformance tests.
Anyone will be able to submit new tests, which Anne will mark
"experimental".  Upon receipt of confirmation from implementers that their
implementations satisfy the new test, it will be recognized as part of the
formal test suite.

Anne will examine the SAML approach to defining an XML Digital Signature
profile and adopt the same approach for XACML.

Anne and Hal have conducted an exchange on the topic of conveying the XACML
context in a SAML request/response.  A proposal has to be made to SAML.
Simon offered to lead this activity and Anne agreed to send her notes on the
topic to him.

Carol Geyer has suggested that we place links to the available
implementations of XACML on the TC's Web page.  Anne suggested that a
disclaimer should be associated with the links.  Michiharu is asked to
insert the links and Carlisle offered to work with Michiharu on the text of
a suitable disclaimer.

Seth Proctor has written an introduction to XACML for Sun's open-source
project.  Anne will ask Sun if they will agree to this being re-styled as an
OASIS document and posted on the TC Web page.

-----------------------------------------------------------------
Tim Moses
613.270.3183
