xacml message

Subject: Minutes from 17 August 2006 TC Meeting
From: Bill Parducci <bill.parducci@simulalabs.com>
To: xacml <xacml@lists.oasis-open.org>
Date: Thu, 17 Aug 2006 18:55:43 -0700
Minutes of the OASIS XACML Technical Committee Meeting
17 August 2006

Voting Member Attendees:

  Hal Lockhart
  Michiharu Kudo
  Argyn Kuketayev
  Abbie Barbir
  Kamalendu Biswas
  Erik Rissanen
  Bill Parducci
  Anne Anderson
  David Staggs

Member Attendees:
  Rich Levinson

1. Roll Call and Agenda Review

    Quorum was achieved

2. Minutes

    These will be reviewed at the next meeting due to issues with Oasis
    mail server.

3. Oasis Errata documents

    Bill reported that he had not heard back re: Oasis' direction on
    errata documents.

    Hal offered that changes are being considered by the Oasis Board to
    make Errata docs normative.

    There is general consensus by the TC that in addition to the
    individual errata items, allowing a red-line version to be normative
    would be quite valuable.

    Anne said that she will not be able to develop an errata draft that
    identifies the individual errata items for several weeks and asked
    that for a volunteer if there is a need to move this process forward
    more quickly.

4. Issue Discussion

  - WS-Policy Assertion formats for XACML (#47)

    ACTION: Anne will develop a draft on how an XACML policy should be
    included in a WS-Policy instance based upon her initial discussion to
    the list.

  - SAML profile: Do we add attributes to the access request? (#44)

    We have already agreed that we will allow additional attributes for
    delegates to be included in the Request Context.  The issue here is
    whether attributes that apply to the Access Subject (i.e. one of the
    original Subjects) can be included here.  The current draft says
    they can, in order to support more consistency of processing, even if
    it does mean an extra processing step.

    STATUS: Pending Review

  - In the SAML profile: Translation of saml:Subject? (#45)

    The meaning of "saml:Subject element has to be 'consistent' with the
    *-id attributes" text in the current SAML Profile needs to be
    clarified.  this will be addressed via the SAML errata and is not
    relevant to v3 of the XACML spec as it is basically an issue of
    clarity in the text.

    STATUS: Closed


  - SAML profile: multiple holders of attributes (#46)

    Erik reviewed with the TC. Current draft says one attribute may be
    associated with multiple holders.

    STATUS: Pending Review

  - SAML Profile: Use SAML Attributes instead of XACML Attributes? (#48)

    Erik asked if there is any situation where a PEP couldn't determine
    the XACML Attributes? It would be simpler for the PDP if there was a
    single schema for Attribute processing.

    Hal offered that is there is value in passing a raw SAML assertion
    and that the processing would be simpler in the Context Handler.

    Bill offered that this would create a dependency upon the SAML spec
    for policy creation and this would remove separation of concerns
    between SAML and XACML.

    The TC will continue to study this.

meeting adjourned.