Subject: Minutes of XACML TC Meeting - April 13, 2006
Minutes of April 13, 2006

Attendees:
  Daniel Engovatov
  Hal Lockhart (Co-chair)
  Michiharu Kudo
  Ron Williams
  Argyn Kuketayev
  Abbie Barbir
  Kamalendu Biswas
  Erik Rissanen
  Bill Parducci (Co-chair, minutes)
  Anne Anderson (minutes)
  Seth Proctor
  David Staggs

Quorum was achieved (83% per Kavi)

1. Approval of minutes from March 30
   http://lists.oasis-open.org/archives/xacml/200603/msg00001.html
   Approved unanimously

2. SAML Profile Updated
   Anne reported that the update incorporates all errata reported against our XACML 2.0 standard profile. Among other things, Advice has also been added to allow Policies to be passed as an Advice in an Assertion. Anne will post details to the list.

3. ITU-T update
   Abbie introduced an updated submission to ITU-T based on input from Anne. XACML 2.0 references a specific working draft of the W3C XQuery and XPath Functions and Operators spec for two DataTypes, the functions related to them, constructor functions for all XML Schema primitive DataTypes, and for the definition of Regular Expressions. ITU does not allow references to things that are not yet approved standards. Solution was to include the text of the referenced sections of the XQuery and XPath draft directly into the ITU version of the XACML specification in paraphrased form to avoid copyright issues.

   Daniel reported there was a meeting of the W3C XQuery and XSLT/XPath WG at Oracle last week. They plan to move the datatypes defined in XQuery into the XML Schema. Next meeting in June; Committee Recommendation by Aug. XACML TC can't use their changes now, since still not approved standard, but should sync up at some point for XACML 3.0.

4. Issues

   #11 CLOSED. Already supported.

   #12 This is being addressed by the work on Obligations. Bill & Michiharu are pursuing this.

   #13 Hal has concerns about the transitive implications of this. Anne and Erik offered that this may be resolvable. Erik is interested in this topic and is looking to work on this Issue but does not have a time line. Hal requested more explicit use cases so can narrow this down. OPEN

   #14 "What do I do?": "What if" scenario where more general conclusions (#12) are supported. E.g. I'm trying to access Server A, result is "redirect to Server B". I.e. can be handled with Obligations and XACML's existing "what if". CLOSED. Re-open if it comes up again.

   #18 Split out the sub-issue: "When are attributes chosen (evaluated)? At time of issuance or at policy evaluation?" Added as Issue #35. The remainder of the Issue is currently addressed in the latest draft (no differentiation). Consensus is "no distinction among delegates in conditions on delegates". Problem exists in specifying the functions on delegates because it requires bags of bags (each delegate needs its own bag of attributes, they can't be mixed). Now you specify a condition and it must apply individually to each and all indirect delegates. CLOSED.

   #22 Right to revoke: We now have conditions on right to issue a policy, but none on right to revoke a policy. There are many types of revocation. Currently the administrator (someone who satisfies a delegate condition in a "supporting" policy) can remove any policy (good for historic attribute support). A policy that arrives with a request is used to evaluate only that request and is then automatically revoked. PRP="Policy Revocation Point". Bill suggested that this is an implementation issue. OPEN.

   #23 Access Permitted: Hal has written a proposed function. OPEN

   #25 ACTION: Erik will revisit the text to make this easier to read.

The next meeting will begin back on Issue #26.

Meeting adjourned.