Minutes of 8 July 2004 XACML TC Meeting

[Bill Parducci <bparducci@gluecode.com>]

XACML TC General Body Meeting Minutes
8 July 2004; Time: 10:00 AM EDT

Attendees:
Bill Parducci
Anne Anderson
Hal Lockhart
Frank Siebenlist
Ron Jacobson
Michiharu Kudo
Ed Coyne
Anthony Nadalin
Polar Humenn
Tim Moses
Simon Godik
Steve Anderson
Michael McIntosh

Quorum reached.

Agenda:

Minutes from 24 June meeting voted upon:
    Corrections: none
    Moved: Anne
    Approved unanimously.

Version Utilization
   Tony:  There have been postings to the list. Is it desirable by the TC
          to proceed?
   Anne:  There are many things beyond a simple match to support a given
          policy.
   Tony:  These issues underscore the need for such definition.
   Polar: The utilization of Profiles introduces a high degree of
          complexity
   Tony:  Lets hold off until the W3C meeting

   STATUS: Defer until after v2

Non-XML hierarchical resource Use Case
   Daniel not present

   STATUS: open

XACML "time" review
   Seth not present

   STATUS: open

Hierarchical resource "clarity"
   Anne:  XPath expression usage is not clear in the Profile with respect
          to node retrieval. Agreement on the intent of the specification
          is requested prior to Anne and Seth work to resolve the
          ambiguity. Is the the general consensus that the response is
          for a single node at a time?
   Bill:  That is my understanding.
   Hal:   Yes, you would receive a whole series of results.
   Anne:  I think we need to specify the case where you might the
          resource as a "whole" (vs. a collection of documents).

ACTION ITEM: Anne and Seth will come up with a proposal for handling
              this.

<Issuer> solution
   Hal:   Is there a minimal change to the core schema that allow for the
          basic functionality to be implemented? (extend via Profile)
   Polar: It could be handled as a combining parameter, making it a
          subset of the combining algorithm. However, I have not given
          this as much thought as I would like.
   Hal:   Is there enough agreement on the overall approach?
   Polar: Yes, so long as it is handled in the combining parameter (the
          core schema is not affected).
   Anne:  This then can be handled in Profile?
   Frank: I am not sure that would work.
   Hal:   The lack of agreement indicates that this topic should be
          pushed to post v2
   Frank: I suggest that we put Issuer in the schema unless Polar comes
          up with an alternative proposal.
   Polar: Placing Issuer in the schema introduces issues that should also
          be covered.
   Bill:  Suggest that this be discussed over the next two weeks with a
          concrete proposal to be voted upon at the next plenary meeting
          to deal with this, otherwise the topic will be pushed to post
          v2.
   Frank: I would like this to be a topic at the next focus meeting.

ACTION ITEM: Discussion will proceed until next plenary meeting where
              the topic will be voted upon (the focus group meeting will
              be used for further verbal discussion).

URL matching function
   Bill: The proposal was generated from the discussion of the last
         meeting.
   Tim:  I have a Use Case that I will post to the list to address.
   Hal:  The TC should review and  to vote at the next meeting.

   ACTION ITEM: TC review and comment.

IP address matching function/definition
   Bill: The proposal on the list came from the ambiguity. For example, I
         found in the current draft definition of subnet mask are not
         clear. Also, this proposal was intended to show that this
         problem is not as easy as we might have imagined originally.
   Hal:  I would not have a problem if we drop ipv6 from v2.
   Anne: Should this be turned into profile?
   Tim:  If we focus on ipv4 only and it is defined now, shouldn't we
         introduce it into the core spec?

ACTON ITEM: Anne will review Profile vs. core modification (removing
             ipv6 references). If a Profile Anne will post to the list
             otherwise Tim will incorporate into the draft for review.

RBAC
   Anne: The proposal is not final. Next week I will wrap up with
         consideration of recommendation from comments list and reworked
         examples.

   ACTION ITEM: Anne will post updated version to the list.

"Diffs" document (bill)
   Bill: The approach has been to list the changes and rely upon the
         specification for elaboration.
   Hal: perhaps there should be references to the specification.

   ACTION ITEM: TC to review.

v12 core draft (tim)
   Tim: The TC should consider the draft as final and scrutinize it in
        preparation for public scrutiny.

   ACTION ITEM: TC to review.

meeting adjourned.

b