[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: minutes of the XACML TC meeting of May 29, 2003
|
Minutes for the XACML TC meeting of Members Present: Simon Godik, Anne Anderson, Anthony Nadalin, Steve Crocker -- scribe, Bill Parducci, Hal Lockhart, Steve Anderson, Frank Siebenlist. A motion to approve the TC meetings' minutes from was moved and approved. Anne made a motion to approve RBAC as an official work item, which was seconded, and no objections were made.
Anne will put the RBAC proposal in an official OASIS format. The June 9 meeting will be focused on discussing the RBAC profile with three people from NIST. All are
invited. The subcommittee meeting minutes will go to the general mailing list. Please put XACML and RBAC in the subject header to allow automatic mail filtering. The June 9 meeting will give a better indidation of how much work and how many meetings the RBAC work will require. Chances of being able to use the teleconference line for RBAC work is high. Item: 1.1 work items: Progress on 1.1 errata list is minimal.
Simon had trouble with getting the XACML spec, errata list document from web site. Aim is to get it to a complete and correct reflection of the state of the spec. Anne has one new item to add to the list. At the end of the meeting, it was agreed to target the errata list in next week's working group meeting. Items A-H from the focus group meeting's items A: fully specified
hierarchical resources-- needs more issues resolved B: adding ID attribute--can
probably be dropped, no champion willing to save it. A motion was made to drop
item B from 1.1, and seconded. no
objections. Item B is dropped. C: deterministic algorithm for
combining obligations-- AA: Seth Proctor wants to
submit proposal, not for obligation, but for a deterministic algorithm (eval order) for evaluation.
e.g.: algorithm is not free to skip unavailable policies.
This would be a new XACML standardized combining algorithm. Hal: feels opposite, use
cases are rare where order of evaluation matters.
Those cases where order of eval effects obligations presented are rare. Some discussion on
non-deterministic algorithms allow evaluation optimization. CA: may not be manditory to implement, but it
would be standardized. AA: will make proposal
for inclusion in 1.1 Motion was made to drop
item C (combining obligations): moved, seconded, no
objections. Item C is dropped. D: Obligations in rule elements: Allows the option to
attach obligations to rules rather than just policies. AA: wants to delay to see
details of what will go into the spec before
approval. E: Condition References AA: Michiharu is ok
with dropping this if references to rules are
included. They can give the same effect.
(see item H) H: References to Rules: proposal is mature are
ready for vote: SG: how is equal to
condition reference AA: If Michihara's
proposal is for condition references only from the top level condition element in a rule, A rule reference could accomplish the same effect by wrapping the condition in a rule whose target is 'any' and refering to that rule. Confusion reigns, we'll
have to get clarification, and to look at it again. Reference is allowed to top level condition elements. F: properties for new combining algorithms: AA: thinks this is too
open ended, need a use case Michiharu had a use
case for a privacy policy. CA: need to see
Michiharu's response to AA, so it stays on the list for next
call. Michihara on the call would be very helpful G: Put environment in target element Michiharu is the source AA: resonable HL: generally opposed
but if it's optional, doesn't affect those who don't
need it, AA: use case:
applicability based on time of day, policies that apply only during
certain hours. HL: time (being
continuous) is not a great candidate for discrete indexing. HL, CA: generally don't
like it if it can be misused or abbused. CA: will this be backward compatible to 1.0 SG: wants list of
attributes as indexing hints rather than extending the
target. HL: suggests dropping
for 1.1, maybe consider for 2.0, no objections. Motion to drop this
proposal from consideration for 1.1 was moved, 2nd no
objections. Item G dropped. Motion to adjorn, seconded, no objections. Upcoming events: Next week's focus group
will discuss references to rules and the errata list. RBAC with NIST folks on
June 9. Next full group meeting,
June 11. A request was made for a sanity check for the proposed 1.1 time frame. |
Minutes for the XACML TC meeting of May 29, 2003
Members Present:
Carlisle Adams,
Simon Godik,
Anne Anderson,
Anthony Nadalin,
Steve Crocker -- scribe,
Bill Parducci,
Hal Lockhart,
Steve Anderson,
Frank Siebenlist.
Carlisle took role and quorum was reached.
A motion to approve the TC meetings' minutes from 5/1/03 and 5/15/03
was moved and approved.
Anne made a motion to approve RBAC as an official work item, which was
seconded, and no objections were made. Anne will put the RBAC
proposal in an official OASIS format.
The June 9 meeting will be focused on discussing the RBAC profile with
three people from NIST. All are invited. The subcommittee meeting
minutes will go to the general mailing list. Please put XACML and
RBAC in the subject header to allow automatic mail filtering. The
June 9 meeting will give a better indidation of how much work and how
many meetings the RBAC work will require. Chances of being able to
use the teleconference line for RBAC work is high.
Carlisle stepped through the items on today's adjenda:
Item: 1.1 work items:
Progress on 1.1 errata list is minimal. Simon had trouble with
getting the XACML spec, errata list document from web site. Aim is to
get it to a complete and correct reflection of the state of the spec.
Anne has one new item to add to the list. At the end of the meeting,
it was agreed to target the errata list in next week's working group
meeting.
Items A-H from the focus group meeting's items
A: fully specified hierarchical resources-- needs more issues resolved
B: adding ID attribute--can probably be dropped, no champion willing
to save it.
A motion was made to drop item B from 1.1, and seconded. no objections.
Item B is dropped.
C: deterministic algorithm for combining obligations--
AA: Seth Proctor wants to submit proposal, not for
obligation, but for a deterministic algorithm (eval
order) for evaluation. e.g.: algorithm is not free to
skip unavailable policies. This would be a new XACML
standardized combining algorithm.
Hal: feels opposite, use cases are rare where order of
evaluation matters. Those cases where order of eval
effects obligations presented are rare.
Some discussion on non-deterministic algorithms allow
evaluation optimization.
CA: may not be manditory to implement, but it would be
standardized.
AA: will make proposal for inclusion in 1.1
Motion was made to drop item C (combining obligations):
moved, seconded, no objections. Item C is dropped.
D: Obligations in rule elements:
Allows the option to attach obligations to rules rather
than just policies.
AA: wants to delay to see details of what will go into
the spec before approval.
E: Condition References
AA: Michiharu is ok with dropping this if references
to rules are included. They can give the same effect.
(see item H)
H: References to Rules: proposal is mature are ready for vote:
SG: how is equal to condition reference
AA: If Michihara's proposal is for condition
references only from the top level condition element
in a rule, A rule reference could accomplish the same
effect by wrapping the condition in a rule whose
target is 'any' and refering to that rule.
Confusion reigns, we'll have to get Mich involved for
clarification, and to look at it again. Reference is
allowed to top level condition elements.
F: properties for new combining algorithms:
AA: thinks this is too open ended, need a use case
Michiharu had a use case for a privacy policy.
CA: need to see Michiharu's response to AA, so it stays
on the list for next call. Michihara on the call would
be very helpful
G: Put environment in target element
Michiharu is the source
AA: resonable
HL: generally opposed but if it's optional, doesn't affect
those who don't need it,
AA: use case: applicability based on time of day, policies that
apply only during certain hours.
HL: time (being continuous) is not a great candidate for discrete
indexing.
HL, CA: generally don't like it if it can be misused or
abbused.
CA: will this be backward compatible to 1.0
SG: wants list of attributes as indexing hints rather than
extending the target.
HL: suggests dropping for 1.1, maybe consider for 2.0, no
objections.
Motion to drop this proposal from consideration for 1.1
was moved, 2nd no objections. Item G dropped.
Motion to adjorn, seconded, no objections.
Upcoming events:
Next week's focus group will discuss references to rules and
the errata list.
RBAC with NIST folks on June 9.
Next full group meeting, June 11.
A request was made for a sanity check for the proposed 1.1 time frame.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]