OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Proposed Agenda for 23 September 2010 TC Meeting

Proposed Agenda for 23 September 2010 TC Meeting:

Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

13:00 - 13:05 Roll Call & Approve Minutes:
Roll Call:

Approve Minutes:
9 Sep 2010 TC Meeting:
 http://lists.oasis-open.org/archives/xacml/201009/msg00003.html

13:05-13:10
Administrivia:

   BrightTALK Authentication Summit Oct 7th
    "opportunity to showcase the XACML Standard with a webinar"
    speaker (vendor-neutral) opportunity - see email for more info:
      http://lists.oasis-open.org/archives/xacml/201009/msg00008.html

   Identity Management 2010:
     update - Keynote Info
   Worldwide Identity Solutions for Online Security, Privacy and Trust
   27-28 September, Washington, DC  USA
   http://events.oasis-open.org/home/IDM/2010
see recent emails (also see prev mtg minutes):
 http://lists.oasis-open.org/archives/xacml/201009/msg00007.html
 

13:10-14:00

XACML v3 Status:
 Next steps:
Next steps:
     All 8 specs are CS, we were going to check that TC-Admin
	did the necessary updates.
     To move to OASIS Specification need 3 members to confirm 
	they are using specs 

New Issues:

  Jan,Paul: "using the xacml obligation mechanism for service 
        request or response rewrite"
    http://lists.oasis-open.org/archives/xacml/201009/msg00004.html
    http://lists.oasis-open.org/archives/xacml/201009/msg00005.html
    http://lists.oasis-open.org/archives/xacml/201009/msg00006.html

Old Issues

 - new issue (last time) from Jan: obligations satisfied by PEP?
   Is there a reason why the core spec recommends/?constrains implementations
   that obligations have to be fulfilled in the pep and not in the ctx handler.
    http://lists.oasis-open.org/archives/xacml/201009/msg00002.html

     left as waiting for more reqts


 - A paper about extending XACML to specify quantified risk adaptive access control
    http://lists.oasis-open.org/archives/xacml/201008/msg00008.html
     (was some discussion last mtg - any further actions? )

 - User is asking why:
   "'3.1 Nodes in an XML document' requiring that not only
    should one include a resource-id of type xpath-expression for the node
    that is the resource for the access decision but also its parent and
    all ancestors. Why is this required by the spec? Why is it necessary."

   This should already be addressed in 3.0 hier profile;
    should we consider updating the 2.0 hier profile w errata?

	Rich took action to look into current status of implementers
	 guide and consider updating w relevant info on hier.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]