xacml message

Subject: Minutes 15 February XACML TC Meeting
From: Bill Parducci <bill.parducci@simulalabs.com>
To: xacml@lists.oasis-open.org
Date: Wed, 28 Feb 2007 21:25:41 -0800
(Sorry for the lateness of these, just realized that the Draft was  
sitting on my mail client)

Minutes of XACML TC Meeting 15 February 2007

I  Roll Call & Minutes

     Attendees

      Hal Lockhart (Co-chair)
      Bill Parducci (Co-chair, minutes)
      Erik Rissanen
      Anne Anderson
      Seth Proctor
      David Staggs
      Ron Williams
      Prateek Mishra
      Tony Nadalin
      Rich Levinson
      Sekhar Sarukkai (Securent; intends to be voting member)

      Quorum was achieved

- Review minutes from 1 February TC meeting
     http://lists.oasis-open.org/archives/xacml/200702/msg00001.html

     UNANIMOUS CONSENT

- F2F
     IBM has offered to host the F2F in its Austin facility (Texas Star
     Room) on March 13 & 14. This room has Internet access, but lacks
     call-in facilities. IBM has also offered to provide a morning  
snack,
     lunch and afternoon snack on one or both days, depending upon
     schedule.

     Basic agenda (timing) needs to be determined to allow for travel
     planning by attendees.

     Meet 9-5 both days.  IBM needs a list of names and companies
     for the Internet access setup.  Bill will initiate a poll to
     see who will be attending.

- Interop call on Tuesday

     Meeting of people interested in participating in an
     OASIS-sponsored interop event.  Event will occur at Burton
     Group conference late June 2007.  Burton Group.com has link
     on front page.  All invited to participate.  Mailing lists:
     xacml-demo-tech, xacml-demo-mktg (marketing).  Join
     instructions at OASIS lists server.

     Network Application Consortium (NAC) also interested in an
     interop event, but their meeting is in April, which is
     probably too early for participants to prepare.

- Prateek's presentation at RSA and related XACML issues

     http://lists.oasis-open.org/archives/xacml/200702/msg00009.html

     Raises some potential work items.  Hal will initiate a
     discussion on the TC mailing list around each issue.  Need
     to be addressed soon if they are to make XACML 3.0.

     Prateek says he got a very reasonable audience for an 8am
     talk on standards: people are really interested in XACML and
     are using it.  Hal last year was in last slot of the
     conference, yet got a packed room.

- v1.1 Schema change clarification
     http://lists.oasis-open.org/archives/xacml/200702/msg00007.html

     1.1 schemas are the same as 1.0; only backward compatible
     changes and clarifications.

Issues
   #40 <ResourceContent> element
       http://lists.oasis-open.org/archives/xacml/200702/msg00002.html

     Erik recommends for backwards compatibility that this element
     be allowed to occur in any Attributes category.
     E.g. attributes of a Subject could be described in an XML
     document.  If <ResourceContent> is outside the Attributes for
     a Resource, it is hard to support multiple resources, since
     <ResourceContent> is not linked to the corresponding resource
     Attributes group.

     APPROVED.

   #64 Simplified treatment of administrative deny
       http://lists.oasis-open.org/archives/xacml/200701/msg00019.html

     Erik's recommendation: Deny on an administrative request is
     not discarded in policy set evaluation, but when we do
     reduction, we only look for policies which say Permit and
     ignore those which say deny.

     APPROVED.

   #63 Generalization of multiple resources
       http://lists.oasis-open.org/archives/xacml/200701/msg00018.html

     Problem with pairing Resource with the Decision.  Multiple
     Subjects is different because all Subjects participate in a
     single request; multiple Resources is optimization for
     submitting multiple requests, one for each Resource.
     Existing semantics do not actually capture intent to allow
     multiple intermediate subjects.  Should also be able to have
     multiple codebase subjects.

     DEFER.  Hold more discussion on the list.

   #5  Policies included in a decision request
       http://lists.oasis-open.org/archives/xacml/200702/msg00004.html

     Alternative way to address case where one doesn't want
     submitted policies combined with PDP's normal set is to have
     multiple PDPs, one of which does not use any other policies.

     APPROVED.  Could revisit later if problems arise.

   #50 Maxdepth with attribute categories
       http://lists.oasis-open.org/archives/xacml/200702/msg00013.html

     Erik does not yet have a proposal for this, but wants people
     to be aware of it.  May want to redefine current
     DelegationInfo so that only a single delegation depth is
     supported for administrative policy evaluation.

     DEFERRED pending discussion and proposal.

   #65 Defaults in policies
       http://lists.oasis-open.org/archives/xacml/200702/msg00014.html

     XML Schema experts minimize use of defaults, because not
     always consistently applied - some know default and fill it
     in, but others don't.

     Recommendation: do not define any more defaults in general.
     Could take up individual values if people see value in that.

     APPROVED

Next call 1 March 2007.