Subject: Minutes for Telecon, Tuesday 16 May 2003
Minutes for XACML TC Telecon, Tuesday 16 May 2003
Dial in info: +1 512-225-3050 Access Code: 65998
Minutes taken by Steve Anderson

1. Roll call
 - Attendees:
     Hal Lockhart
     Anne Anderson
     Steve Anderson
     Michiharu Kudo
     Daniel Engovatov
     Steve Crocker
 - Quorum NOT reached

2. Approve minutes from 1 May
 - Not in quorum

3. Previous action items
 - Hal: doesn't see any from previous call
 - Anne: can report on WSPL focus group
 - reviewed hierarchical resources proposal from Simon
 - Anne submitted alternate proposal, using functions
 - Daniel: would that be intended to be used in a target?
 - Anne: yes
 - Simon liked her approach
 - Anne had AI from that meeting to write up match functions for a hierarchical resource
 - Simon's proposal also dealt with 'implied actions'
 - e.g. "if you have read actions on a particular file, you also have search permissions"
 - Anne: having trouble expressing that in XACML
 - Daniel: that's the problem with many hierarchical approaches
 - inheritance doesn't always relate to every possible action
 - may want actions as a flat space
 - Hal: has reservations about this functionality, e.g. doesn't scale well, even though UFS does it
 - doesn't this mean you have to propagate up?
 - [...discussion of hierarchical situations...]
 - Anne: we will write a separate function for every hierarchical resource type, e.g. UFS, HTTP
 - Hal: in a business sense, we do have a mech for policy aggregation
 - there's a desire to support existing environments where resources are hierarchical
 - don't think there's a need to support new notions of as-yet undreamt hierarchies
 - Daniel: but that is what we need
 - Hal: the names of the resources don't change based on the action
 - Daniel: they may
 - ex of an app server with a thread pool
 - Hal: that's different than having different names
 - Daniel: how you access the resource depends on the context you're in
 - Hal: guess we'll need to see a write up
 - still has reservations about this functionality in general
 - Anne: all we're trying to do is have a way of stating permissions on a UFS file system
 - wants same as Java file permission
 - Hal: thinks there's issues with supporting search capability
 - Anne: yes, haven't solved that
 - Hal: doesn't think it's necessarily desirable
 - Anne: then we looked at issue of attribute id
 - Simon suggested we drop this, since we're not talking about signing a portion of a policy
 - If you need to reference a particular part of a policy, you can use XPath
 - Hal: but even if you sign an entire policy, you still need an id, don't you?
 - Anne: why? all you need is a URL to point to it
 - had an example of signing a policy that's in a SAML assertion in her proposal, so maybe we should look further at that
 - Hal: agrees that semantics of a partially signed policy aren't clear
 - Anne: next, should rule id reference be supported
 - Simon didn't oppose it, considered it syntactic sugar
 - Anne: looking for AI's from previous call
 - we're all supposed to be responding to these concrete proposals for XACML 1.1

4. Review of meeting yesterday
 - Hal: we're not in quorum, so this is just review
 - Anne: went through the proposal, and it looks pretty good
 - Tim took an AI to do examples from various realms
 - but he's on vacation for rest of month
 - question came up: do we have datetime duration equals function?
 - Hal: they're pretty rare, but they do exist
 - [...discussion...]
 - Anne: we would like, if people have a chance to read the proposal, to get feedback from implementors
 - we think compilation of policies is not spelled out well
 - overall, thinks the proposal is pretty good, just needs more clarity

5. Other business
 - Hal: we have target dates for voting on 1.1
 - Karl Best has circulated to the chairs list a draft proposal to change the TC process
 - one of the items is changing the OASIS members' review from 30 to 60 days
 - it is just a proposal
 - his justification is that this makes it consistent with some international standard
 - relevant to lawsuit regarding Rambus
 - just want people to be aware that the endpoint for 2.0, and possibly 1.1, could be pushed out a little longer

6. Adjourn
 - Adjourned
 - Next week is focus group
 - Following week is next official TC meeting

--
Steve