[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 13 August 2009 TC Meeting
Time: 10:00 am EDT Tel: 513-241-0892 Access Code: 65998 Agenda for 13 August 09 XACML TC Meeting: 10:00 - 10:05 Roll Call voting Paul Tyson Bill Parducci Rich Levinson Hal Lockhart Seth Proctor John Tolbert Duane DeCouteau non-voting Vernon Murdoch Dilli Arumugam Richard Franck guest Sridhar Muppidi, ibm Have quorum Approve Minutes 30 July 2009 TC Meeting http://lists.oasis-open.org/archives/xacml/200907/msg00043.html Minutes approved 10:05 - 10:15 Administrivia Hal: we will skip other issues and just go to presentation below: ETSI Security Workshop Jan 20-22, 2010 http://lists.oasis-open.org/archives/xacml/200908/msg00001.html XSPA Profiles Status Check http://lists.oasis-open.org/archives/xacml/200908/msg00000.html XACML v3 Roadmap http://lists.oasis-open.org/archives/xacml/200907/msg00025.html 10:15 - 11:00 Issues Oracle/Cisco Contribution and presentation continued from last mtg: Contributions: http://lists.oasis-open.org/archives/xacml/200907/msg00019.html http://lists.oasis-open.org/archives/xacml/200907/msg00020.html AzApi Slides: http://lists.oasis-open.org/archives/xacml/200907/msg00032.html Notes from Q&A after slide presentation: Vernon: java, plans for more languages interesting starting point - Hal: we are ready to go w Liberty, looking at other langs, exactly how to evolve in parallel - would like to see intf std in tc, but code gen based on AMF, lang bindings, other apis, std intf here, produce one question to throw out: c++, sort of reqts for .Net, suggesting c#, similar to java, also legacy c,c++ want a flat c-only api - possibly 2 projects for that. also scripting langs, saml, want to use from python, etc. like any open source people to get and what do they want to work on. Vernon: what about existing azapi, such as JACC. Vernon why not xacml w jsr-115 - Hal: start w blank piece of paper; we looked at jsr-115, did not find readily available paths for certain constructs like obligations; also permission-based not general enough Rich: proposed arch, slide 6, is intended to incorporate jsr-115, as is, whereby SPI extension would utilize all jsr-115 context capabilities to gather attrs to make the azapi call to local or remote pdp; similarly jsr-115 Permissions would be "resource-types" and implemented accordingly by az provider called by Policy.implies() spi. Objective is to capitalize around existing infrastructure, not replace it, see slide 2, bullet 2, sub-bullet 2, and in particular, slide 5, bullet 3, AzApi enhance existing az providers - if an existing Extended Platform Az Provider as shown in slide 6 currently uses XACML PDP, then no chgs would implicitly be required to that impl - i.e. if it already works and it does all intended fcns then no need to change it. Note also, slide 7, bullet 2, the "red C" shows the places where AzApi modules "can be placed" to provide what is needed for particular situations. A major objective is to be able to deploy AzApi piecemeal as specific situations require - i.e. it gives a conceptual framework within which one can feel that build out existing quasi-proprietary solutions into a more general solution, that is less vendor and technology specific. Paul Tyson: xml serialization reading req/rsp Hal: receiver of xml req, take that stuff and call api, viewed as external to api, leaves selectors in limbo. primary focus was embeded pdp hi number decisions per sec, assume conv native format. Part of open source build proxy stub over the network; had to write a bit of code to format msg etc. Rich: Sun Xacml intended as an initial poc project to have AzApi impl using the SunXacml client modules Seth: interesting starting point; lot of stuff left to add. std in oasis? Hal: build code in apache like terms do api reqts in xacml tc Seth: oasis? Rich: sdo tc is example in oasis; lang reqts in oasis spec, zip files submitted, but dev presumably other external open source site. Hal: encourage people to join open src effort, trying to make it as efficient as possible. Rich: email me or tc to get answers to additional questions Hal: next call - 2 weeks: Aug 27, 10AM *** Remaining issues to be followed up at later meetings: Core Conformance http://lists.oasis-open.org/archives/xacml/200907/msg00022.html XACML Future Work http://lists.oasis-open.org/archives/xacml/200907/msg00026.html http://lists.oasis-open.org/archives/xacml/200907/msg00027.html Issues from comment list: Comments on the XACML 3.0 commitee draft 1 (16 April 2009) during the public review period http://lists.oasis-open.org/archives/xacml-comment/200907/msg00000.html Comments on the Hierarchical and Multiple Resource Profile of XACML 3.0 http://lists.oasis-open.org/archives/xacml-comment/200907/msg00001.html Issues carried over from July 16 mtg: relax-ng grammar for xacml http://lists.oasis-open.org/archives/xacml/200907/msg00002.html XSPA Profile of XACML v2.0 for Healthcare / Action Item from 2-Jul-09 (has updated attached spreadsheet) http://lists.oasis-open.org/archives/xacml/200907/msg00009.html x.500 (new concerns on same issue from prev mtgs) http://lists.oasis-open.org/archives/xacml/200907/msg00010.html Comments on: Open Document Format Office Appl Controls Profile http://lists.oasis-open.org/archives/xacml/200907/msg00012.html |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]