[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 16 April 2009 TC Meeting
Date: Thu, 16-Apr-09 Time: 10:00 am EDT Tel: 512-225-3050 Access Code: 65998 Minutes for 16 April 2009 TC Meeting Proposed Agenda: 10:00 - 10:05 Roll Call & Approve Minutes Erik Rissanen Axiomatics AB Group Member Bill Parducci* Individual Group Member Rich Levinson Oracle Corporation Group Member Hal Lockhart Oracle Corporation Group Member Anil Saldhana Red Hat Group Member Seth Proctor Sun Microsystems Group Member John Tolbert The Boeing Company* Group Member David Staggs Veterans Health Administration Group Member Have quorum at start: 7/10 - Minutes to approve: 9 April 2009 TC Meeting http://lists.oasis-open.org/archives/xacml/200904/msg00018.html Approved, no objection 10:05 - 10:10 Administrivia - XACML v3.0 Specification Status http://lists.oasis-open.org/archives/xacml/200904/msg00020.html http://www.oasis-open.org/committees/document.php?document_id=32060&wg_abbrev=xacml The following specifications are targeted for Committee Draft status at the next meeting as well as to be marked for Public Review. This meeting will be held in one week (April 16) at the same time and number. * Core Specfication * Hierarchical Resource Profile * SAML Profile * Administration and Delegation Profile * Digital Signature Profile * Multiple Resource Profile * Privacy Policy Profile * Core and hierarchical role based access control (RBAC) Profile Have final core and 7 profile specifications Motion to move docs to CD: Bill moves Erik seconds Any objections to CD: none Vote carries Motion to public review: Erik moves John seconds Any objections to public review: none Vote carries Need doc, html, pdf (if editable form not html, then need all 3 (incl editable) Need list of individual links to docs: Don't know until in repos what the link is. -> Hal: will get clarification from Mary Hal: Norm Walsh confirmed our use of xml:id Hal: we will send docs to Mary for formal formatting check. Hal: public review will auto-go to security in OASIS, plus IETF, W3C, WS/I, ITUT, maybe NIST, OGC (geo-spatial), maybe HL7 (healthcare), Concordia, TSCP (John will provide email). Hal: new profile draft on export control 10:10 - 11:00 Issues - XACML Export Control -US profile draft http://lists.oasis-open.org/archives/xacml/200904/msg00019.html John: worked on w Paul Tyson, Bell Helicopter, export controls, need to define std attrs for international: nationality, control numbers from DOC, USML (munitions list, ITAR) std attrs for making export control decisions. - Public comments submitted for the XSPA profile of XACML http://lists.oasis-open.org/archives/xacml/200904/msg00021.html Finished public review Comments received above link David: RSA was important to getting public input Review xspa issues: 1 Are gateways included? ACS is gateway. 2 Diagnostic integers model: info holder does not relinquish control of any info - issue w pre-fetch - diagnostic images are too large Hal: responsibility to respond to people who made request, but possibly clarify doc to help people understand if the comment indicated party did not understand doc. 3 Request context: how requests are mapped: Hal: this one borrowed mechanism from SAML, may not need to adjust doc but direct to underlying spec. 4 Demo'd at HIMSS; do SAML, XACML, then they jump into how to do policies - here is how to identify patients; attr is provided, but up to individuals to identify mechanism 5 Issue w text extracted from saml/xacml profile: basically said we don't return req in rsp. Hal: optional to return; David will incl note 6 RSA 2008: defining attrs used for Dr Bob, created dissenting- subject-id - name of person being blocked. Would better describe dissenting-subject-id Erik: says he did original suggestion for dissenting David: masking plus additional info; can be better explained Hal: be careful; if user-id is different format, then may miss that person is supposed to be blocked. David: issue of NTI: should be number assoc w everyone 6 Default normal confidentiality code: normal is default; could add text to make clearer. 7 Mary working late - file name overwrites saml - will fix 8 Links: incl Hal's response; if doc external provide link David will check. 9 John M: comments in saml will affect xacml: Duane agreed, need to do some harmonization: Duane will provide email w details. 10 John M: made broad stmt; David: this is interop profile w defined attrs; expect those attrs give scope required for this work. Hal: how did HIMSS conf interop go: David: we were in future directions portion: demo'd infrastructure of a hospital. NHIE will be infrastructure for attrs shipping around and have opt-out model; they were very interested in xacml manner of doing this; they want the more detailed decision model; Will be taking code from HIMSS, make publ avail; will have tool to hook into nationwide health info exchange network. NHIN used between health info xchg's; will put on set top box; hook system to box, which will plug in. Hal: will mention at RSA next week: David will send slide w relevant info. Hal: this will be part of new things happening w saml. - Meeting schedule: Hal: we've had an intense period, go back to every other week. skip Apr 23 meeting next meeting: May 7, then 2 week schedule Meeting adjourned: 10:53 AM EDT
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]