[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] minutes of the XACML TC meeting of May 29, 2003
I have a question on the decision about dropping item G in the last call. I
think that we should spend more time to discuss about this item because
there had been no sufficient discussions on the list. (I noticed that there
is a positive comment from Anne) Since the use case I wrote has an
indexable parameter (purpose) which is independent of subject, resource,
and action, it is reasonable to allow this extension if it keeps backward
compatible.
Michiharu
"Steve Crocker"
<steve.crocker@pss-s To: <xacml@lists.oasis-open.org>
ystems.com> cc:
Subject: [xacml] minutes of the XACML TC meeting of May 29, 2003
2003/05/30 01:45
Minutes for the XACML TC meeting of May 29, 2003
Members Present:
CarlisleAdams,
Simon Godik,
Anne Anderson,
Anthony Nadalin,
Steve Crocker -- scribe,
Bill Parducci,
Hal Lockhart,
Steve Anderson,
Frank Siebenlist.
Carlisletook role and quorum was reached.
A motion to approve the TC meetings' minutes from 5/1/03and 5/15/03
was moved and approved.
Anne made a motion to approve RBAC as an official work item, which was
seconded, and no objections were made. Anne will put the RBAC
proposal in an official OASIS format.
The June 9 meeting will be focused on discussing the RBAC profile with
three people from NIST. All are invited. The subcommittee meeting
minutes will go to the general mailing list. Please put XACML and
RBAC in the subject header to allow automatic mail filtering. The
June 9 meeting will give a better indidation of how much work and how
many meetings the RBAC work will require. Chances of being able to
use the teleconference line for RBAC work is high.
Carlislestepped through the items on today's adjenda:
Item: 1.1 work items:
Progress on 1.1 errata list is minimal. Simon had trouble with
getting the XACML spec, errata list document from web site. Aim is to
get it to a complete and correct reflection of the state of the spec.
Anne has one new item to add to the list. At the end of the meeting,
it was agreed to target the errata list in next week's working group
meeting.
Items A-H from the focus group meeting's items
A: fully specified hierarchical resources-- needs more issues resolved
B: adding ID attribute--can probably be dropped, no champion willing
to save it.
A motion was made to drop item B from 1.1, and seconded. no
objections.
Item B is dropped.
C: deterministic algorithm for combining obligations--
AA: Seth Proctor wants to submit proposal, not for
obligation, but for a deterministic algorithm (eval
order) for evaluation. e.g.: algorithm is not free to
skip unavailable policies. This would be a new XACML
standardized combining algorithm.
Hal: feels opposite, use cases are rare where order of
evaluation matters. Those cases where order of eval
effects obligations presented are rare.
Some discussion on non-deterministic algorithms allow
evaluation optimization.
CA: may not be manditory to implement, but it would be
standardized.
AA: will make proposal for inclusion in 1.1
Motion was made to drop item C (combining obligations):
moved, seconded, no objections. Item C is dropped.
D: Obligations in rule elements:
Allows the option to attach obligations to rules rather
than just policies.
AA: wants to delay to see details of what will go into
the spec before approval.
E: Condition References
AA: Michiharu is ok with dropping this if references
to rules are included. They can give the same effect.
(see item H)
H: References to Rules: proposal is mature are ready for vote:
SG: how is equal to condition reference
AA: If Michihara's proposal is for condition
references only from the top level condition element
in a rule, A rule reference could accomplish the same
effect by wrapping the condition in a rule whose
target is 'any' and refering to that rule.
Confusion reigns, we'll have to get Michinvolved for
clarification, and to look at it again. Reference is
allowed to top level condition elements.
F: properties for new combining algorithms:
AA: thinks this is too open ended, need a use case
Michiharu had a use case for a privacy policy.
CA: need to see Michiharu's response to AA, so it stays
on the list for next call. Michihara on the call would
be very helpful
G: Put environment in target element
Michiharu is the source
AA: resonable
HL: generally opposed but if it's optional, doesn't affect
those who don't need it,
AA: use case: applicability based on time of day, policies that
apply only during certain hours.
HL: time (being continuous) is not a great candidate for discrete
indexing.
HL, CA: generally don't like it if it can be misused or
abbused.
CA: will this be backward compatible to 1.0
SG: wants list of attributes as indexing hints rather than
extending the target.
HL: suggests dropping for 1.1, maybe consider for 2.0, no
objections.
Motion to drop this proposal from consideration for 1.1
was moved, 2nd no objections. Item G dropped.
Motion to adjorn, seconded, no objections.
Upcoming events:
Next week's focus group will discuss references to rules and
the errata list.
RBAC with NIST folks on June 9.
Next full group meeting, June 11.
A request was made for a sanity check for the proposed 1.1 time frame.
You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
#### minutes_5_29_03.txt has been removed from this note on June 05 2003 by
Michiharu Kudoh
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]