

Subject: Minutes of XACML Focus Group, 11 March 2004


Minutes of XACML Focus Group, 11 March 2004
10:00 am EST; Teleconference

Present:
  Anne Anderson
  Simon Godik
  Tim Moses

Agenda: there was no pre-defined agenda

1. New XACML 2.0 draft

Tim reported that he will try to get Draft 07 out tomorrow, with
the draft to include the recent ConditionReference text and
schema changes posted in

http://lists.oasis-open.org/archives/xacml/200403/msg00062.html

This is the jointly agreed solution from Simon and Polar.

2. SAML and XACML compatibility

Anne reported that the most recent SAML Attribute proposal is in
general extremely XACML-friendly: an Attribute will have a name
and a datatype as the only required XML attributes.  This makes
mapping a SAML Attribute to an XACML Attribute trivial.

SAML is considering allowing arbitrary optional XML attributes in
a SAML Attribute.  XACML could:
1) Profile SAML saying "Don't use any other XML attributes if you
   want to use your SAML Attribute elements with XACML",
2) XACML could follow SAML, allowing arbitrary optional XML
   attributes in XACML AttributeDescriptors and XACML Attributes
   that would have to match exactly as strings, just as the
   current Issuer, DataType, and AttributeId attributes are
   matched,
3) Same as 2) except that, now that SAML is adding a datatype
   attribute associated with the Issuer name, XACML could require
   use of the match semantics for that datatype when matching
   Issuer name,
4) The additional SAML Attributes could be put into the XACML
   AttributeValue, which is completely extensible.  Only XPath
   AttributeSelectors would be able to select on these in this
   case.

Tim asked if XACML should hold up XACML 2.0 for SAML 2.0.
Consensus among attendees was "no".  If SAML 2.0 is not solid
enough on the XACML compatibility issues by the time we have to
freeze XACML 2.0 for all other work items, then publish XACML 2.0
without SAML changes.  SAML compatibility can be addressed in
XACML 2.1 or whatever.  XACML has survived this long without
complete SAML compatibility, so should be able to survive a while
longer.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


