OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes for Telecon, Tuesday 16 May 2003


Minutes for XACML TC Telecon, Tuesday 16 May 2003
Dial in info: +1 512-225-3050  Access Code: 65998
Minutes taken by Steve Anderson

1. Roll call

- Attendees:
    Hal Lockhart
    Anne Anderson
    Steve Anderson
    Michiharu Kudo
    Daniel Engovatov
    Steve Crocker
- Quorum NOT reached

2. Approve minutes from 1 May

- Not in quorum

3. Previous action items

- Hal: doesn't see any from previous call
- Anne: can report on WSPL focus group
    - reviewed hierarchical resources proposal from Simon
    - Anne submitted alternate proposal, using functions
    - Daniel: would that be intended to be used in a target?
    - Anne: yes
    - Simon liked her approach
    - Anne had AI from that meeting to write up match functions for a
      hierarchical resource
    - Simon's proposal also dealt with 'implied actions'
        - e.g. "if you have read actions on a particular file, you also 
          have search permissions"
    - Anne: having trouble expressing that in XACML
    - Daniel: that's the problem with many hierarchical approach
    - inheritance doesn't always relate to every possible action
    - may want actions as a flat space
    - Hal: has reservations about this functionality, e.g. doesn't
      scale well, even though UFS does it
    - doesn't this mean you have to propogate up?
    - [...discussion of hierarchical situations...]
    - Anne: we will write a separate function for every hierarchical
      resource type, e.g. UFS, HTTP
    - Hal: in a business sense, we do have a mech for policy aggregation
    - there's a desire to support existing environments where resources
      are hierarchical
    - don't think there's a need to support new notions of as-yet
      undreamt hierarchies
    - Daniel: but that is what we need
    - Hal: the names of the resources don't change based on the action
    - Daniel: they may
    - ex of a app server with a thread pool
    - Hal: that's different than having different names
    - Daniel: how you access the resource depends on the context you're
      in
    - Hal: guess we'll need to see a write up
    - still has reservations about this functionality in general
    - Anne: all we're trying to do is have a way of stating permissions
      on a UFS file system
    - wants same as Java file permission
    - Hal: thinks there's issues with supporting search capability
    - Anne: yes, haven't solved that
    - Hal: doesn't think it's necessarily desirable
    - Anne: then we looked at issue of attribute id
    - Simon suggested we drop this, since we're not talking about
      signing a portion of a policy
    - If you need to reference a particular part of a policy, you can
      use XPath
    - Hal: but even if you sign an entire policy, you still need an id,
      don't you?
    - Anne: why?  all you need is a URL to point to it
    - had an example of signing a policy that's in a SAML assertion
      in her proposal, so maybe we should look further at that
    - Hal: agrees that semantics of a partially signed policy aren't
      clear
    - Anne: next, should rule id reference be supported
    - Simon didn't oppose it, considered it syntactic sugar
- Anne: looking for AI's from previous call
    - we're all supposed to be responding to these concrete proposals
      for XACML 1.1
    
4.  Review of meeting yesterday

- Hal: we're not in quorum, so this is just review  
- Anne: when through the proposal, and it looks pretty good
- Tim took an AI to do examples from various realms
- but he's on vacation for rest of month
- question came up: do we have datetime duration equals function?
- Hal: they're pretty rare, but they do exist
- [...discussion...]
- Anne: we would like, if people have a chance to read the proposal,
  to get feedback from implementors
- we think compilation of policies is not spelled out well
- overall, thinks the proposal is pretty good, just needs more clarity

5. Other business

- Hal: we have target dates for voting on 1.1
- Karl Best has circulated to the chairs list a draft proposal to
  change the TC process
- one of the items is changing the OASIS members' review from 30 to 
  60 days
- it is just a proposal
- his justification is that this makes it consistent with some 
  international standard
- relevant to lawsuit regarding Rambus
- just want people to be aware that the endpoint for 2.0, and possibly
  1.1, could be pushed out a little longer

6. Adjourn

- Adjourned
- Next week is focus group
- Following week is next official TC meeting

--
Steve



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]