Subject: Minutes of XACML TC Meeting 10 May 2007
Minutes of XACML TC Meeting 10 May 2007

1. Roll Call & Minutes

  Voting Member Attendees
    Erik Rissanen
    Anthony Nadalin
    Ron Williams
    Abbie Barbir
    Rich Levinson
    Anil Saldhana
    Bill Parducci (co-chair)
    Anne Anderson (minutes)
    David Staggs

  Non-voting Member Attendees
    Prateek Mishra

  Quorum achieved (58% per Kavi at time quorum was measured)

  Regrets
    Hal Lockhart

  Approve minutes 26 April 2007
  http://lists.oasis-open.org/archives/xacml/200704/msg00030.html
  Unanimous consent

2. New drafts of XACML 3.0 core and Administrative Policy working drafts

  Erik has submitted new drafts. They will be linked into the XACML TC home page later today.

3. Status of XACML interop event at Burton Catalyst

  Rich Levinson reported on the progress of planning for the XACML interoperability demo at Burton Catalyst.

  Rich is doing high-level requirements; Denis Pilipchuk (BEA) is doing the operation level. Into the details now.

  All Attributes are provided as part of the XACML Request.

  New use-case scenario sent out yesterday on the xacml-demo-tech@lists.oasis-open.org mailing list.

  Vocabularies are a set of URNs that identify the data elements, and are specified in a table of such URNs. Assumption is that PEP (or another component such as Context Handler) has access to the table of URNs, and can insert the necessary Attributes into the Request by mapping the URNs to specific variables.

  Considering use of "SAML 2.0 Profile of XACML 2.0" as recommended by Hal Lockhart, but not all the vendors have implemented that; looking for some simple wrapper they could use. Anne noted that the Errata version should be used, since the approved standard has errors both in the specification and in the schemas.

  Participants are meeting weekly at 11am Eastern Time on the XACML conference call number.

4. Review of "pending review" and "open" issues
  http://lists.oasis-open.org/archives/xacml/200704/msg00031.html

  ISSUE 3. Should elements in a policy target and the request context be open?
    PENDING REVIEW: Daniel
    REFERENCE: http://lists.oasis-open.org/archives/xacml/200603/msg00002.html
    CLOSED ACCEPTED.

  ISSUE 5. Policy statements in the request context
    PENDING REVIEW: Anne
    REFERENCE: http://www.oasis-open.org/committees/download.php/22765/xacml-profile-saml2.0-v2-wd-2.zip
    CLOSED ACCEPTED.

  ISSUE 33. How to match any delegate
    PENDING REVIEW: Erik
    REFERENCE: http://www.oasis-open.org/committees/download.php/22559/xacml-3.0-admininstration-v1-wd-16.zip
    CLOSED ACCEPTED.

  ISSUE 34. Draft 10 has a circular import in the schemas
    PENDING REVIEW: Erik
    REFERENCE: http://www.oasis-open.org/committees/download.php/22559/xacml-3.0-admininstration-v1-wd-16.zip
    CLOSED ACCEPTED.

  ISSUE 37. SAML Profile: XACMLPolicyQuery Target element
    PENDING REVIEW: Anne
    REFERENCE: http://www.oasis-open.org/committees/download.php/22765/xacml-profile-saml2.0-v2-wd-2.zip
    CLOSED ACCEPTED.

  ISSUE 39. SAML Profile: allow return of policy and policy set id references?
    PENDING REVIEW: Anne
    REFERENCE: http://www.oasis-open.org/committees/download.php/22765/xacml-profile-saml2.0-v2-wd-2.zip
    CLOSED ACCEPTED (will not return such references).

  ISSUE 57. WS-XACML: Restrictions on XPath expression to support matching Attribute references
    PENDING REVIEW: Anne
    REFERENCES:
      http://www.oasis-open.org/committees/download.php/21490/xacml-3.0-profile-webservices-spec-v1.0-wd-8-en.pdf
      http://www.oasis-open.org/committees/download.php/21489/xacml-3.0-profile-webservices-schema-v1.0-wd-8.xsd
    STILL PENDING REVIEW.

  ISSUE 70. SAML Profile: IDs for policies in XACMLPolicyStatementType
    PENDING REVIEW: Anne
    REFERENCE: http://www.oasis-open.org/committees/download.php/22765/xacml-profile-saml2.0-v2-wd-2.zip
    CLOSED ACCEPTED.

  II. OPEN

  These issues are waiting for a resolution to be proposed.

  ISSUE 12. More general conclusions
    OPEN: Bill
    REFERENCE: http://lists.oasis-open.org/archives/xacml/200704/msg00027.html
    Has morphed into more robust obligations. Bill and Erik hope to have a proposal for review by next meeting.

  ISSUE 23. Access Permitted
    OPEN: Hal
    No action taken, since Hal not present.

  ISSUE 36. PDP metadata
    OPEN: Bill (depends on resolving #12)
    Bill working on simple schema to let a PDP specify its basic attributes. Hopes to have by next meeting.

  ISSUE 58. WS-XACML: Handle P3P 1.0 POLICY/STATEMENT/NON-IDENTIFIABLE in an XACMLPrivacyAssertion
    OPEN: Anne
    No progress made yet.

  ISSUE 62. Policy provisioning interface
    OPEN: Hal
    Prateek and Rich will comment on Hal's proposed outline (Hal posted his proposal on 23 February 2007, Subject: New Topic: Policy Provisioning at http://lists.oasis-open.org/archives/xacml/200702/msg00061.html; he presented his proposal and there was subsequent discussion at the end of the first day of the F2F that is captured in the Minutes at http://lists.oasis-open.org/archives/xacml/200703/msg00069.html)
    ACTION: change Champion from Kamalendu to Hal

  ISSUE 63. Generalization of multiple resources
    OPEN: Erik
    Got feedback and hasn't resolved.

  ISSUE 66. Missing attributes may be underspecified
    OPEN: Rich
    Still mulling it over. Interop exercise is exhibiting the problem. PEP may supply some attributes, Context Handler must get others. AttributeFinder interface assumes there is a PIP that has access to everything. "Missing Attribute Detail" in existing spec OK, but not used for this purpose - PEP may not know what to send. Anne responded it is much more complex, although conceded Prateek's point that some simple sets of policies could be handled this way.
    Rich mentioned a related use case: a resource might be a business object with no persistent form. Only exists when instantiated in the application.

  ISSUE 67. Add XPath 2.0 support
    OPEN: Daniel and Erik
    ACTION: Add Erik as champion. He is working on it.

  ISSUE 69. CORE ERRATA: Incorrect URL in access_control-xacml-2.0-context-schema-os.xsd schema file
    OPEN: Argyn and Erik
    Erik will include in XACML 3.0 schema. Also needs to be included in core errata.
    ACTION: add Erik as Champion.

  ISSUE 71. Treating different subject categories as different entities
    OPEN: Hal
    Anne reports no progress; difficult topic.

  ISSUE 72. SAML Profile: Where should passed-in policies be inserted
    OPEN: Anne and Erik
    Erik: implementation specific perhaps.

  ISSUE 73. At which level in a nested policy set does reduction start?
    OPEN: Hal
    Not discussed, since Hal not present.

  ISSUE 74. SAML Profile: Add SAML metadata description
    OPEN: Anne
    Bias will be in favor of using whatever the interop comes up with, barring real problems with it.

  ISSUE 75. Defining an interface for closely coupled PEP/PDP
    OPEN: Rich and Prateek
    Interop event may help progress on this.

  ISSUE 76. Multiple conditions on single XPath nodeset or <Attributes> group
    OPEN: Anne
    No progress

  ISSUE 77. Datatype of Resource id attribute in Response
    OPEN: Erik
    No progress

  ISSUE 78. CORE ERRATA: Namespace treatment in xpaths
    OPEN: Daniel, (Erik)
    Issue fixes old XPath usage (errata). #67 is adding new XPath.
    ACTION: Add CORE ERRATA to title.

  ISSUE 79. Incorrect use of multiple subjects
    OPEN: Anne
    ACTION: Anne Change to pending if this is an actual proposal.

  ISSUE 80. Errata: XACML 2.0 specification "Policies based on resource contents"
    OPEN: Reported by Blair Bethwaite and Erik
    ACTION: add Erik to champions

The meeting adjourned at 10:45am Eastern time.

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692