[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes of OASIS XACML TC meeting: 17-Jul-08
Minutes of OASIS XACML TC meeting: 17-Jul-08 Time: 10:00 am EDT Tel: 512-225-3050 Access Code: 65998 Proposed Agenda: 10:00 - 10:05 Roll Call & Minutes Approval Vote on Minutes from 3 July TC Meeting (Corrected) http://lists.oasis-open.org/archives/xacml/200807/msg00024.html Roll call: Voting: Rich Levinson Seth Proctor Anil Saldhana Erik Rissanen Tony Nadalin Bill Parducci 6 of 8 voting is quorum Non-voting: Anil Tappetla Duane DeCouteau (gains voting status) OASIS: Jamie Clark Minutes approval: Corrected minutes of prev mtg (7/3) Approved. 10:05 - 11:00 Issues Attribute Designator Parameters http://lists.oasis-open.org/archives/xacml/200807/msg00008.html Anil T. plethora of attrs - fcns used by CH vs PDP. Erik: doesn't think this level of detail in PDP, rather in the CH part of env Anil: concern about large number of config type attrs Seth: agrees context handler PDP - retrieve attrs different ways; arg for config details as part of policy, if can't config ch w attr; interested in real world use case Anil: can provide examples; possible Seth: agrees w Erik that this is ch config info, not to be in policy; why config something for individual attr? Anil: ch config is separate issue Seth: ch has to get parameter, where does it get helper info? Anil: it is more than just ch issue Seth: never come across use case why config for ch must be part of policy Anil: example sent out Defer discussion to next meeting get more input #88 General Xpath functions http://lists.oasis-open.org/archives/xacml/200807/msg00016.html Erik: proposed by Craig - new fcns - gave up on export/import, now proposing (should be 3.0) adding; couple open issues do we need uri variance? should substring be able to extract to end of string? case conversion of international chars not easy Bill: URI handling different from strings, regex matches etc. - also value in neg index, chomping from back of string, back of string is often valuable for access ctl; no idea how to approach case sensitivity; Erik: case conv complex; Bill: maybe case conv too much; Bill: edit spec w these additions, Rich: what is xpath story on 3.0 Erik: this is just new fcns Bill: more broad read Bill: Erik will repost proposal; impls have to figure out the case issue Bill: maybe include 3 digit lang code? Erik: maybe locate parameter added to string Seth: Java used to be a little confused, but now locale-based and can optionally specify locale. Rich: maybe this is metadata similar to Anil's prev issue on "helper parameters" Seth: maybe default for whole policy; but this metadata is how to read strings as opposed to prev issue that was more explicit Bill: is there problem raising locale to policy level attr? Erik: diff attrs from diff locales Bill: Erik will propose Duration Data Types http://lists.oasis-open.org/archives/xacml/200807/msg00017.html Bill: this issue derived from something Seth originally proposed? Seth: maybe Bill: could handle "today - 21 years > subj.birthday" type discussion? Erik: concerns that xacml incl data types that are restrictions on data types, but does not incl more general type; inclined to keep as is. Erik: why not ymd instead of just ym Bill: Seth's original note in 2003 - points out may or may not solve other needs but didn't have any then; so probably ok w what we have XACML Typos/ ipAddress, dnsName functions http://lists.oasis-open.org/archives/xacml/200807/msg00021.html Erik: list of fcn identifiers in conformance section missing items that are in text that defines fcns themselves- probably typo; just add the "missing" identifier Erik: other part - do we need set fcns for ip addr and other? Bill: is regex match sufficient Erik: 2 use cases: policy want to spec ip addr ok w regex but do we want intersection of tags of ip addrs? Probably not? scope? Erik: just update missing identifiers but don't deal w missing qualifiers <Target> Optimization http://lists.oasis-open.org/archives/xacml/200807/msg00023.html Erik: target has multiple levels; if one is indeterminate then whole is indeterminate; so if one element is indeterminate then can stop there rather than processing the rest; Erik: spec has break out possibility for match, but not for no match; Bill: revisit when Hal gets back; went around w Polar on this, but maybe some issue remains - defer. Bill: next meeting in 2 weeks: 31-Jul-08 --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]