Minutes of 11 November 2004 XACML TC Meeting

[Bill Parducci <bparducci@gluecode.com>]

Attendees:
Bill Parducci
Hal Lockhart
Anne Anderson
Tim Moses
Ron Jacobson
Ed Coyne
Seth Proctor
Polar Humenn
Erik Rissanen
Michael McIntosh
Daniel Engovatov
Steve Anderson
Mary McRae
Michiharu Kudo
Frank Siebenlist

Quorum reached (81% per Kavi)

Agenda:

I.   Minutes from 28 October meeting voted upon:
      Moved: Anne
      Second: Michael
      Corrections: none
      Approved unanimously.

II. XACML v2.0 status

   -Core spec:
    Tim:  A posting has been made re: naming consistency to comments
          list.
          The naming change increases the consistency of naming in a
          couple of v2 functions. TC believes that incorporating these
          changes will not affect the specification significantly and
          should be incorporated; changes are:

          regexp-rfc822Name-match -> rfc822Name-regexp-match
          regexp-x500Name-match -> x500Name-regexp-match


   -SAML profile "inconsistency"
    Anne has made all recommended changes based on conversations with Eve
    Maler.

    VOTE: Amended both specifications to Committee Draft
          (to include name changes described by Tim above)
    Move: Anne
    Second: Daniel
    Approved unanimously.

   -Attestations
    BEA and Entrust have posted Attestations, Gluecode has committed to
    attesting by 15 December 2004. As a result all specifications will
    remain at Committee Draft status until after 15 December.

   -Schedule
    With the next meeting falling of the US Thanksgiving holiday the next
    plenary meeting will be held on 9 December, 2004.

III. XACML Summary
    After a brief discussion, an unanimous agreement--the TC has modified
    its Summary to: "Representing and evaluating access control policies"

IV. XACML+
    Tim has proposed some suggestion to the XACML spec that will allow
    policies to be used in areas outside of pure access control. The
    concept is not to constrain XACML's ability to describe access
    control, but to optimize it in such a way that it can be used in non
    access   control situations (e.g. management policies). Tim reviewed
    his proposal with the TC.

V. XACML References
    Anne  Will our Reference include products that implement XACML?

          Several members felt this would be a good idea, and there
          were no objections other than a question about whether
          listing products would violate any OASIS policies.

    Hal   Suggested we list other specs which refer to XACML and promised
          to provide a few.

    ACTION Hal will discuss with Oasis whether this violates any of their
           policies.

VI. Delegated Administration
     Erik will be posting a proposal on delegated administration to the
     group.

Meeting Adjourned.