[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Rough minutes for XACML Feb. 20/03 Focus Group call...
XACML Focus Group Minutes
February 20, 2003
Attendees: Hal Lockhart, Simon Godik, Steve Crocker, Carlisle Adams.
Discussion focused on the new work items list that Anne circulated on Feb. 13th. The numbering below is with respect to that list.
Item 1: Hal: reluctant to make deterministic order of evaluation just to make obligations deterministic. Carlisle: the idea is not to make a decision now, but rather to pick the topics that we think should be on our list of work items for 1.1/2.0. So this is just a list of things to discuss further over the next few weeks/months. Hal: OK then.
Item 2: (a) SAML AuthDecisionQ/Resp: Hal and Anne to work on this. Hal: input and output context all together under a single signature. Targeted for 2.0; fairly final spec by Fall '03.
(c) LDAP: Hal: Tim spent too much time trying to make the triple target work, but this is the pathological case. Should emphasize resource or resource/action instead. Also, do we need to do a similar thing for SQL databases?
(e) Transport protocols. Nobody assigned.
(b) Anne has volunteered for this.
(f) Hal: this is a good thing to do. Michiharu was interested in working on this. Consistent uses in common environments.
(d) ebXML? Nobody could remember how this got on the list.
Item 3: Michiharu and Satoshi are interested in this. Anne, too, perhaps.
Item 4: Tim, Simon, and Maryann Hondo are all interested in this. Hal: I don't see how this can be a work item for this TC. IBM/Microsoft expects to have further meetings on this topic.
Item 5: Hal is still working on the XACML Primer. Should be out to the list soon.
Item 6: Anne seems to be doing a first pass on this implementer's guide. She has gotten / is getting feedback from developers. Plan should be to go through mail list one more time and collect hints/advice/etc.. Then do one more pass with the developers, and put it on our site.
Item 7: Hal: privacy is very political. Steve: what is the distinction between privacy and access control? Carlisle: the type of data being protected.
Final discussion: Steve: what about XACML Lite (for a lite client; e.g., PDP is on a client). Hal: profiles of XACML. There are two possible pieces: compatibility with legacy environments (e.g., "what do you need for LDAP ACI"); and rules for creating profiles (e.g., "If you want to define a profile, here are the things you need to decide"). Actually making a profile, versus how to create a profile. (The former is probably easier.) Steve volunteered to drive this activity.
Need to continue discussion on the next focus call.
Adjourn.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC