Subject: Minutes of 5 August 2004 XACML TC Meeting
Attendees:
  Bill Parducci
  Anne Anderson
  Hal Lockhart
  Ron Jacobson
  Ed Coyne
  Simon Godik
  Daniel Engovatov
  Seth Proctor
  Steve Anderson

Quorum reached.

Agenda:

I. Minutes from 8 July and 22 July meetings voted upon:
   Corrections: none
   Approved unanimously.

II. XACML XML DSig Profile - Anne

   a. Canonicalization

      PROPOSAL: rewrite the XACML XML DSig Profile to say "XACML RECOMMENDS encapsulating XACML schema instances in SAML Queries and Assertions as described in the XACML Profile for SAML 2.0, and signing the SAML instance according to the SAML digital signature mechanisms." and then listing various canonicalization issues that SHOULD be addressed (taken from the Committee Draft above), but not make any recommendation about how to resolve them.

      Decision: APPROVED

   b. Signatures on referenced PolicySets and Policies

      PROPOSAL: (Go back to) allow an optional Name="Hash" Type="xml:hexBinary"? XML attribute in a <PolicyIdReference> or <PolicySetIdReference>, specified as MD5-SHA1 (or some other specific algorithm) for interoperability.

      Seth: the addition of the Version element allows for retrieval of a specific version
      Hal: Prefer using SHA1 for consistency.
      Anne: OK. Will create a profile.
      Hal: Schema change needs to be made.
      Simon: When hash is computed, do you apply canonicalization? How?
      TC: This is a non-trivial issue.

      Decision: REJECTED

III. XACML RBAC Profile - Anne

   There are issues with RBAC concerning dynamic separation of duty. There is a solution but it doesn't fit with current hierarchical model. Since the solution has been presented by a non-member Anne will perform a literature search to check for potential IP issues.

IV. XACML Profile for Request for Multiple Resources - Anne

   TC please review. Current version has a new scope value called EntireHierarchy for requesting an entire hierarchy atomically.

V. Privacy policy profile of XACML

   TC please review.

VI. XACML Profile for SAML 2.0 - Anne

   a. Need to map each of our error status cases to one of these. Or "as long as there is an XACML <result>, then it is Success".

      ACTION ITEM: Anne to post proposed mappings.

   b. Decision validity period SHALL be consistent with validity periods of inputs to the decision. Remaining constraints not needed.

VII. XACML Profile for Hierarchical Resources - Anne, Daniel

   PROPOSAL: Anne proposes that the XACML Profile for Hierarchical Resources not define a special URI for this mechanism. If an implementation needs an identifier to indicate that it supports these Attributes, then the URIs of the Attributes themselves could be used for this purpose.

   Daniel: Concerned that there should be a URI so that there is some way to advertise the ability to support hierarchical resources.
   Hal: there isn't a mechanism for conformance advertisement
   Anne: that is why general URIs were added, in case revisit in the future.

VIII. Delegation - Simon

   Simon: Request an extension.
   Hal: Can it be moved forward independently of v2 specification?
   Simon: Not considering an extension of the core specification (Issuer), so may proceed without holding up v2 progress.

IX. General Business

   a. Timing

      Hal: Tentative proposal to begin two week internal review starting the first plenary meeting of September.
      Simon: is there still room then for consideration of work in progress?
      TC: Yes. Simon will post a proposal for delegation ASAP.

   b. Oasis IPR Policy

      Oasis has a new Draft by the IPR policy that significantly affects Individual members. TC please review to determine the effect on respective member organizations.

Meeting adjourned.