[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes of XACML Focus Group, 11 March 2004
Minutes of XACML Focus Group, 11 March 2004 10:00 am EST; Teleconference Present: Anne Anderson Simon Godik Tim Moses Agenda: there was no pre-defined agenda 1. New XACML 2.0 draft Tim reported that he will try to get Draft 07 out tomorrow, with the draft to include the recent ConditionReference text and schema changes posted in http://lists.oasis-open.org/archives/xacml/200403/msg00062.html This is the jointly agreed solution from Simon and Polar. 2. SAML and XACML compatibility Anne reported that the most recent SAML Attribute proposal is in general extremely XACML-friendly: an Attribute will have a name and a datatype as the only required XML attributes. This makes mapping a SAML Attribute to an XACML Attribute trivial. SAML is considering allowing arbitrary optional XML attributes in a SAML Attribute. XACML could 1) Profile SAML saying "Don't use any other XML attributes if you want to use your SAML Attribute elements with XACML, 2) XACML could follow SAML, allowing arbitrary optional XML attributes in XAMCL AttributeDescriptors and XACML Attributes that would have to match exactly as strings, just as the current Issuer, DataType, and AttributeId attributes are matched, 3) Same as 2) except that, now that SAML is adding a datatype attribute associated with the Issuer name, XACML could require use of the match semantics for that datatype when matching Issuer name, 4) The additional SAML Attributes could be put into the XACML AttributeValue, which is completely extensible. Only XPath AttributeSelectors would be able to select on these in this case. Tim asked if XACML should hold up XACML 2.0 for SAML 2.0. Consensus among attendees was "no". If SAML 2.0 is not solid enough on the XACML compatibility issues by the time we have to freeze XACML 2.0 for all other work items, then publish XACML 2.0 without SAML changes. SAML compatibility can be addressed in XACML 2.1 or whatever. XACML has survived this long without complete SAML compatibility, so should be able to survive a while longer. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]