Minutes 28 August 2008 TC Meeting

["Rich.Levinson" <rich.levinson@oracle.com>]

Meeting minutes:
"->" => action item

Meeting held: 28-Aug-08
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998


10:00 - 10:05 Roll Call & Minutes Approval

Voting Members

Erik Rissanen  	Axiomatics AB
Rich Levinson 	Oracle Corporation
Hal Lockhart 	Oracle Corporation
Seth Proctor 	Sun Microsystems
Duane DeCouteau Veterans Health Administration
David Staggs 	Veterans Health Administration


Members

Brett Burley 	Veterans Health Administration

Anil Saldhana of Red Hat is on Leave of Absence.

   Vote on Minutes from 14 August TC Meeting
   http://lists.oasis-open.org/archives/xacml/200808/msg00009.html

	minutes approved

10:05 - 10:10 Administrivia
   Special Rates for the Security Forum Expire 29 August
   http://lists.oasis-open.org/archives/xacml/200808/msg00010.html

	HERAS-AF is their acronym - add to list on tc home page
	 Florian is from that group.
  ->	Hal sent Rich info to post (tbd)

10:05 - 11:00 Issues

   Optimizing <Target> evaluation
   http://lists.oasis-open.org/archives/xacml/200808/msg00000.html

	Accept Erik's proposal; will apply to 3.0 but not 2.0
	 
  ->	Give it issue #, couple others, too: Hal to do.

   XSPA profile of XACML v2.0 for Healthcare
   http://lists.oasis-open.org/archives/xacml/200808/msg00008.html

	Looking for comments from TC

	Multiple PEP's, PDP's to make more realistic

	Hal: enforcement arch at RSA Interop was deliberate 
	 simplification

	Hal: concern about bus logic in appl;

	Erik: not sure about showing HL7 in requests;
	 thinks resource should be described in terms of things
	 intrinsic to resource.

	Dave: permissions are result of engineering process; 
	 determine permission analysis of who does the work -
	 health providers, clinicians, etc.

	 HL7 has been carefully prepared for this

	Erik: different way of representing same policies.

	Rich: HL7 is representative of vertical; HL7 is specific
	 way to implicitly have policy metadata in the "appl" space,
	 it is pretty clearly detailed in the interop doc - basically
	 the HL7 permissions come in as resource attrs; more of
	 a "policy attachment" to resource model; possibly one
	 could envision a core policy store distributint
	 attachments out; definitely different in concept than
	 "typical" xacml, but able to be used by xacml nonetheless.

	Hal: could be best worked out as "here's another way to
	 do the same thing"

	Dave: add text about not creating "legacy trap"; there will
	 always be appl-specific attrs; don't want infrastructure to
	 have to know every detailed permission.


   External Input
   A slew of comments related to the specification were submitted
   recently. They may be found on the XACML Comment list:
   http://lists.oasis-open.org/archives/xacml-comment/200808/maillist.html

	Hal: we will need to get the comments in the errata;
	 ROland Illig's comments are errata on function name; need issue 
	 for it.
	 Erik: wd doesn't have date in it

	Hal: issue: Why are defns for all, any so complicated? Is
	 language expressing well-defined? Capture as an issue,
	 as well as (from 8/6 email Roland capture as issue)

	Hal: next one appears to be typos, but there is also a little
	 tool for scripting.

	Hal: msg from Oleg: says reported before: resource-id,
	 target-namespace.

	Hal: msg from Roland: re: profile web svcs spec: 
	 subsume symbol defns as one issue:

	Hal: string defn (Roland); also oleg follow-up - make sure
	 coding is not impl-specific - issue

	Hal: use of word "MAY" - errata - issue - not a choice about
	 whether to evaluate policyset; also follow up emails

	Hal: issue missing attrs

	Hal: whitespace - examples, content of whitespace

	 Erik: do you care about white space 

	Hal: wording and appendix in a.3; he has better wording?
	 add issue; Erik thinks may be bigger issue as well.

	Hal: add issue on ieee 754

	Hal: wording on arith fcns: issue

	Hal: a3.4 - improved wording: issue

	Hal: defn of "access control": look at - simple errata

	Hal: doc layout - 1 issue - bunch of "nits"

	Erik: 5 more issues

	Hal: schema email; picking one or other eliminates class of
	 problems: schema fragments should have lower precedent
	 than fragments; Erik - easy to make mistake in either

	Hal: section 7.5 match eval: issue

	Hal: "work continues" - errata - look at; Erik: circular
	 item might be important

	Hal: set functions in user-def data types; do we want 
	 people able to create new datatypes: Erik - should
	 define own "set" fcn - clarification in doc needed 
	 Erik: may be non-issue just clarify to Roland.

	Hal: defn of rule combining- issue

	Hal: other issue on Haskell? it is because prev tc member
	 thought Haskell was "way to go", turned out not.



	Next call Sep 11.