Subject: Minutes for 24 February 2011 TC Meeting


Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 24 February 2011 TC Meeting:

I. Roll Call 

Erik Rissanen
Doron Grinstein
Gareth Richards
Sridhar Muppidi
Gregory Neven
Bill Parducci
Anthony Nadalin
Rich Levinson
Hal Lockhart
Paul Tyson

Non-Voting
Abbie Barbir

	we have quorum

 Approve Minutes:
  10 February 2011 TC Meeting
  http://lists.oasis-open.org/archives/xacml/201102/msg00020.html

    hal: approved no objection


II. Administrivia

 F2F vote:
   ID in the cloud TC may meet same week as IdTrust, Apr 6,7 (w,th)
   john reserved us a room in crystal city (near dc)
   people have travel restrictions

  sridhar: if we had agenda w priorities, might impact people attendance
  hal: at least the current discussion issues, plus other topics
  hal: propose that people suggest list of topics to help create
    a full agenda.


 XACML versions and ITU + comments:
    http://lists.oasis-open.org/archives/xacml/201102/msg00022.html
  hal comment:
    http://lists.oasis-open.org/archives/xacml/201102/msg00026.html
    http://lists.oasis-open.org/archives/xacml/201102/msg00029.html
  abbie:
    http://lists.oasis-open.org/archives/xacml/201102/msg00027.html
  remon:
    http://lists.oasis-open.org/archives/xacml/201102/msg00028.html
    http://lists.oasis-open.org/archives/xacml/201102/msg00030.html
  bill:
    http://lists.oasis-open.org/archives/xacml/201102/msg00032.html

   abbie: has been in contact w jamie, things in process
     need official list of docs; xspa?
   hal: will take action to identify 4 categories of files:
	xspa
	core and legacy
	john's profiles (export, ip)
	errata
    will pass to ITU; will try to get links to abbie by Mon.
    hal will also talk to remon, who expressed interest

    no objections to hal's proposed action above


 Conformance tests and comments:
  bill:
    http://lists.oasis-open.org/archives/xacml/201102/msg00031.html
    http://lists.oasis-open.org/archives/xacml/201102/msg00035.html
  paul:
    http://lists.oasis-open.org/archives/xacml/201102/msg00033.html
  remon:
    http://lists.oasis-open.org/archives/xacml/201102/msg00034.html

  bill: suggest course to tag things; 
  paul: looked at doc ref'd and in repos is labeled v2 test; were
	created, but not validated: several questions: do we want
	to carry forward to xacml 2.0, 3.0 or devote effort
  rich: should identify what's missing in current tests
  paul: if advertised as conformance test suite;
  hal: these are not compliance tests; currently they are a self-test
   mechanism primarily; in kavi folder;
  paul: msg 33 points to doc

  rich: probably 2-4 manweeks of effort to get things under control
  paul: is actually doing the details of converting to 3.0 etc.
    took what was in svn; some things were just run thru translator;
  hal: looking at do 1394
  paul: looking at 14021 - link is in email
  paul: rich said keep framework; paul thinks there are deficiencies
	that need addressing
  rich: not opposed to any direction, just would like to understand
    what are current deficiencies and how they will be addressed
  paul: set out to do a policy evaluator to address the attribute
	assertions which led into this effort;
  hal: other thread here is errata, which will take on w remon;



III. Issues
  
 BTG Profile (Break The Glass):
  Overall comments on BTG Proposal/Protocol Flows:
   original (David): 
     http://lists.oasis-open.org/archives/xacml/201011/msg00017.html
  david: Protocol Flows:
     http://lists.oasis-open.org/archives/xacml/201102/msg00021.html
   erik:
     http://lists.oasis-open.org/archives/xacml/201102/msg00036.html
   paul:
     http://lists.oasis-open.org/archives/xacml/201102/msg00037.html
   mike:
     http://lists.oasis-open.org/archives/xacml/201102/msg00038.html
   erik:
     http://lists.oasis-open.org/archives/xacml/201102/msg00039.html
   mike:
     http://lists.oasis-open.org/archives/xacml/201102/msg00040.html
   bill:
     http://lists.oasis-open.org/archives/xacml/201102/msg00041.html
   rich:
     http://lists.oasis-open.org/archives/xacml/201102/msg00042.html

  rich: recommends just using "attributes" as the effective state
  hal: he and erik added couple emails for some kind of external
    mechanisms, such as rbac; should be architected as separate
    entity.
  paul: pdp state changes impact very broadly; if some action-id
	sets attr in request context; 
  hal: will table for now

  david: Risk adaptive vs BTG
     http://lists.oasis-open.org/archives/xacml/201102/msg00023.html
   paul:
     http://lists.oasis-open.org/archives/xacml/201102/msg00024.html
   john:
     http://lists.oasis-open.org/archives/xacml/201102/msg00025.html

 Attribute Assertions in XACML request
  greg: just prior to last mtg:
    http://lists.oasis-open.org/archives/xacml/201102/msg00016.html
  tony:
    http://lists.oasis-open.org/archives/xacml/201102/msg00019.html

  prev msgs:
  original (Paul): http://lists.oasis-open.org/archives/xacml/201010/msg00012.html
  (Tony's example) http://lists.oasis-open.org/archives/xacml/201102/msg00013.html

  greg: not much activity last couple of weeks;
   thinks some predicates from tony went further

  tony: wants a predicate that can be fed into the pdp (called "claims")
  greg: this seems further and not compatible w what they are doing
  tony: not sure if there is total overlap; maybe up to point of
	handing off to pdp; might look at predicates up to the pdp
  greg: in tony's use case there is delegation going on; can explore
	feeding predicates in to the pdp;
  hal:  even saml proposal wouldn't be limited to boolean; tony concurs;
 	hal: even non-boolean falls into category of fact about the
	entity; you are 36 years old is not a boolean statement;
	the actual expression is not a boolean, even though the
	result could be expressed as boolean
  paul: request context is unnecessarily constrained to equality
 	predicates
  greg: challenge is how things are expressed in pdp
  paul: prolog sets direction: says conditions on which predicate is true;
  hal:  is there a useful subset, or should we look for more complete
	understanding
  greg: short term want to look at "simple" case, whereas above are
	"more elaborate" than the simple.



 PIP directive (additional information directives)
  original (David): http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
  latest: http://lists.oasis-open.org/archives/xacml/201012/msg00022.html

	hal: no new info on this issue at present;

	hal: next meeting 10-March-2011




