Subject: Minutes of July 21 2004 XACML TC Meeting
Attendees:

  Tim Moses
  Bill Parducci (minutes)
  Tony Nadalin
  Hal Lockhart
  Erik Rissanen
  David Staggs
  Ron Williams

Quorum reached (80% per Kavi)

Agenda:

I. Minutes from July 7 meeting voted upon:

  Approved unanimously
  No objections

II. Delegation (Issuer)

Naming of Subject of administrative Policy. Tim suggests Issuer is the appropriate name. Ron offered that Delegate is more accurate (on list). Tim countered that Delegate would include access Subject and this is more general in its 'ordinary' use. Others asked to weigh in.

Hal noted that the term "Pending Policy" is an interesting term to describe a Policy that has not been fully evaluated in the decision chain (temporal description).

Ron raised concern about increasing complexity in the model via the introduction of increased semantics and that this will ultimately reduce flexibility in the model.

Hal also noted that the term "Administrative Policy" also appears to be an effective semantic in the delegation model. Both Tim and Erik are currently using this term.

III. Hypothetical Queries

  HQ: Given a Subject, to what Targets is access authorized?
  HQ: Given a Target, what Subjects are authorized to access?

Hal asked how this would be addressed by XACML. Could this be handled via partial evaluation (non-enumerated)?

Ron stated that he is not addressing computational efficiency, but that a general case should allow such questions to be allowable despite some systems' inability to address the problem realistically.

Daniel suggested that this issue can be addressed by attribute manipulation.

Bill stated that it may be possible to answer the first HQ above, but not the second, because the current implementation is limited to a Permit|Deny response.

Daniel's position is that "who" is not defined within the system; Subjects are just a collection of attributes.

Ron offered that an audit process may wish to access for listing of all Subjects that can access a particular Target.

Hal suggested that there are two ways to address this: partial evaluation (query attribute limitation); limited scope of request (PDP constraint).

David offered that XML processing would be inefficient for addressing this type of processing.

Hal suggested that optimization strategies include non internal XML representation and localized PDP/PEP processing.

Anne offered that there are academic references on the TC website that may provide insight on the subject.

III. Work Items

No significant updates to Work Item list.

IV. General

Bill will post to the list when there is an update to the wiki availability.

The Chair has asked for volunteers to consider hosting the next F2F. The tentative date is some time in September.

Meeting adjourned.