xacml message



Subject: Proposed agenda - August 5 TC meeting


Date: Thursday, August 5, 2004
Time: 10:00 AM EDT
Tel: 512-225-3050 Access Code: 65998

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review

10:05 - 10:10 Vote on approval of minutes from July 8 & 22 meetings:
   http://www.oasis-open.org/archives/xacml/200407/msg00013.html
   http://www.oasis-open.org/archives/xacml/200407/msg00087.html

10:10 - 10:55 Review of Current Proposals

1. XACML XML DSig Profile - Anne

    a. Canonicalization

       PROPOSAL: rewrite the XACML XML DSig
       Profile to say "XACML RECOMMENDS encapsulating XACML schema
       instances in SAML Queries and Assertions as described in
       the XACML Profile for SAML 2.0, and signing the SAML
       instance according to the SAML digital signature
       mechanisms." and then listing various canonicalization
       issues that SHOULD be addressed (taken from the Committee
       Draft above), but not make any recommendation about how to
       resolve them.

    b. Signatures on referenced PolicySets and Policies

       PROPOSAL: (Go back to) allow an optional
       Name="Hash" Type="xml:hexBinary"? XML attribute in a
       <PolicyIdReference> or <PolicySetIdReference>, specified as
       MD5-SHA1 (or some other specific algorithm) for interoperability.

2. XACML Profile for Role Based Access Control (RBAC), Version 2.0

    a. Separation of Duty - Anne

       PROPOSAL: Anne to continue work on Profile independently of XACML
       2.0 progress.

3. XACML Profile for Request for Multiple Resources

    No known issues.  TC to review and comment.

4. XACML Profile for Hierarchical Resources - Anne, Daniel

    a. URI for support for resource-ancestor, resource-parent

       PROPOSAL: Anne proposes that the XACML Profile for Hierarchical
       Resources not define a special URI for this mechanism.  If
       an implementation needs an identifier to indicate that it
       supports these Attributes, then the URIs of the Attributes
       themselves could be used for this purpose.

       PROPOSAL: Daniel proposes that we have a URI defined for use in
       indicating support for these Attributes as a hierarchical
       resource mechanism.

5. Privacy policy profile of XACML

    No known issues.  TC to review and comment.

6. XACML Profile for SAML 2.0 - Anne

    a. Populating SAML Response/Status/StatusCode/Value

       PROPOSAL: The following are the only permitted values, as
       specified by SAML.  Anne proposes they be used as described.

       o urn:oasis:names:tc:SAML:2.0:status:Success
             The request succeeded [a Statement is encapsulated]
       o urn:oasis:names:tc:SAML:2.0:status:Requester
             The request could not be performed due to an error on
             the part of the requester.
       o urn:oasis:names:tc:SAML:2.0:status:Responder
             The request could not be performed due to an error on
             the part of the SAML responder or SAML authority.
       o urn:oasis:names:tc:SAML:2.0:status:VersionMismatch
             The SAML responder could not process the request
             because the version of the request message was
             incorrect.

    b. Populating SAML Assertion/Conditions and Assertion/Advice

       PROPOSAL: Anne proposes that our Profiles not specify any
       values for these, but say a Requester and Responder MAY
       agree to add Conditions or Advice appropriate for their
       environment and protocol agreements.

7. Delegation - Simon

       No proposal to date.

10:55 - 11:00 General Business

1. Review of Current Proposals
    Tim has posted the latest version of the specification for TC
    review.

2. OASIS IPR Policy

    OASIS has made significant changes to its IPR policy. All members of
    the TC are encouraged to review this policy.

b

