

Subject: Re: [xacml] Minutes for 24 March 2011 TC Meeting


Rich,

I would like to make one correction. See inline.

Best regards,
Erik

On 2011-03-24 20:13, Rich.Levinson wrote:
> Time: 13:00 EDT
> Tel: 513-241-0892 Access Code: 65998
>
> Minutes for 24 March 2011 TC Meeting:
>
> I. Roll Call & Approve Minutes:
>
> Voting
> Erik Rissanen
> Abbie Barbir
> Paul Tyson
> Doron Grinstein
> Sridhar Muppidi
> Gregory Neven
> Franz-Stefan Preiss
> Bill Parducci
> Anthony Nadalin
> Rich Levinson
> Hal Lockhart
> John Tolbert
> David Staggs
>
> Non-voting
> Kenneth Peeples
> Duane DeCouteau
> Remon Sinnema
>
>
> 10 March 2011 TC Meeting Minutes (Updated): 
> http://lists.oasis-open.org/archives/xacml/201103/msg00015.html
>
>    hal: no objections heard; approved
>
>
> II. Administrivia
> F2F Planning Update
>  http://lists.oasis-open.org/archives/xacml/201103/msg00006.html
>
>    hal: f2f action on chairs to look for proposals
>
>
> OASIS XACML Webinar: is there interest to develop?
>  http://lists.oasis-open.org/archives/xacml/201103/msg00034.html
>
>   bill: talked to Dee: Erik, Doron, Hal volunteer to work on it.
>
>
> Conformance Tests: bitkoo xacml 3.0 tests available for examination:
>  http://lists.oasis-open.org/archives/xacml/201103/msg00008.html
>
>   hal: good job by bitkoo; encourage people to check it out
>
>
> ITU-T Files of Interest: (any update on reviewing? - see minutes above)
>  http://lists.oasis-open.org/archives/xacml/201103/msg00001.html
>
>   abbie: actively working on it, actual submission in next few days;
>     apr 11-20 group 17 mtg; next update will be after that.
>
>
> III. Issues
> New (from Hal): Specifying a specific associated Resource in a Policy
>   (Sticky Policies):  hal: 
> http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
>
>    hal: suggest we collect errata;

Hal actually proposed that we drop back to working draft and redo all 
the votes and public reviews to make corrections. I objected to it and 
would like to see if there is any way we can instead post an errata to 
save time in the process.

>    erik: thinks it's bad idea
>    rich: thinks it should be parallel track
>    erik: volunteers to collect errata then decide what to do next
>    hal: reqd to produce errata against oasis std
>          format not specified, just show how published std will
>       be changed. suggests format of chg line #s ... to ...
>    hal: point is to collect chgs and agree with chgs then later
>       decide what, if anything, should be done to specs.
>
>
> New (from xacml-comment): Specification of extended indeterminate in
>   combining algorithms is incomplete:
>  erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html
>
>    hal: erik to look at w errata
>
>
> New (from Franz-Stefan): Erratum concerning the 'Expression
>   Substitution Group':
>  franz-stefan: 
> http://lists.oasis-open.org/archives/xacml/201103/msg00036.html
>
>    hal: erik to look at for errata
>
> New (from Greg): Obligations problem: sec 7.16 may confuse 
> "effect","result"
>  greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html
>
>    hal: erik to look at for errata
>
>
> Attribute Assertions in XACML request:  greg has posted proposed profile:
>    http://lists.oasis-open.org/archives/xacml/201103/msg00035.html
>  comments on posting:
>    http://lists.oasis-open.org/archives/xacml/201103/msg00040.html
>  original (Paul from november 2010):    
> http://lists.oasis-open.org/archives/xacml/201010/msg00012.html
>
>    hal: greg to describe proposal
>
>    greg: doc has generic introduction; instead of letting saml carry
>      values only, can also carry a predicate that could be handled
>      by the pdp
>
>      sec 3 would be chg to saml profile
>
>      sec 4 explains how such assertions could be embedded in
>       a xacml pdp
>
>      comments: from doron: who does work? pep or ch? greg: if
>       ch sees responses passing then ch could do it just as well
>       from franz-stefan: restrictions on how many queries user
>       can be making at given time; fishing: systematic queries
>       to collect underlying constraints
>     hal: was presented to saml on tue; some pushback on applies
>      stuff; possibly profiles saml<->xacml should ref each other
>      and cooperate; xspa has done 3 profiles in 3 tcs;
>     greg: own group has raised some issues in red balloons on
>      some of the pages;
>     paul: has same concerns raised earlier; whole business of
>      translating between boolean vs real comparison on an attr;
>     doron: didn't analyze in detail; similar to what they do in
>      long run; when you have attr responder: what values are
>      transmitted to responder;
>     hal: process of obtaining from a provider a predicate;
>     greg: query will contain predicate to be certified;
>     doron: has done before in 2003: tell pip go get attr
>      from various sources; throw attr of user over fence to
>      provider that returns the boolean; inputs are any num
>      of attrs, from req;
>      pep calls svc w some attr; pdp then tells ch - go get more
>      attrs, then send attrs to predicate responder and return
>      a boolean rsp that pdp makes decision on.
>
>     greg: in doron's scenario: predicate is fixed in some kind
>      of service; greg's proposal is for any predicate: is doron's
>      for specific predicate?
>     doron: can give any predicate, but can also add more attrs;
>      user is 123, dept is xyz, is he over 21? pred calcs t/f
>     greg: not aware is it doc'd anywhere
>     doron: filed a patent; can set up a demo;
>     hal: didn't quite follow:
>     doron: define pred; attrs about principal;
>      predicate resolver;
>     hal: part of saml based on this is attr query, no guarantee
>      about what will be returned; make a query w a bunch of attrs
>      and predicates;
>     rich: thinks there is lot of stuff out there: saml profiles,
>      doron's stuff, other products, federation, papers have published
>      various things on collecting attrs, preparing predicates, and
>      producing results;
>     greg: point of profile is do basically that;
>     hal: concern about mention of patent - need to review oasis ipr
>      policies before introducing any patented technology
>     greg: p6, gives example
>     hal: missing attrs, attr finders, david's paper, interesting topic
>      wrt to obtaining attrs independent of notion of "predicates"
>     doron: predicate is just another attr for pep go get; do we want
>      to represent expression in policy; might be able to communicate
>      policy to responder
>     hal: in general can flatten anything out to a scalar;
>     rich: one or more scalars;
>     paul: xacml loosely coupled: common vocabulary that all participants
>      are aware of; introducing local attrs - policy writer can't
>      in terms of well known attrs; that alone introduces complexity
>     hal: xacml doesn't define your attrs, names, etc. need that
>      knowledge
>     paul: in any domain you will have that set of attrs; can do
>      varied analysis and be sure what you are doing; doron's notion
>      extends ch to not just deal w attrs, but throws over wall;
>     doron: example: can ask a weather service if it is raining; don't
>      need to know the internals of the impl
>     paul: pdp evaluates w full knowledge of attrs involved; can
>      eval wrt attrs of unknown origin;
>     hal: black box; ask what humidity is: why do you need to know
>      the impl in the black box.
>     doron: need to support both black and white box; call for credit
>      score - don't know how they do it, just need the score; in other
>      cases need to send attrs to control evaluation of credit score;
>     greg: how does ch know which attr to query?
>     doron: for each attr have info and expression, policy identifier,
>      etc. dynamic data provider; boolean is ultimate response
>     greg: sounds similar to locally meaningful attr-id's
>
>     rich: have reached end of meeting time 2:00
>
>     hal: to be continued; greg is updating proposal?
>
>     greg: will work w what tc wants to do;
>
>     hal: ask tc-admin for template, then can post to our archive;
>
>     rich: was same doc submitted to both xacml,saml?
>
>     greg: yes
>
>     david s: incits: producing next gen access ctl, can put some
>      text in for xacml in cs1; need to be member of cs1: us body
>      for iso?
>
>     hal: next mtg in 2 weeks; progress pts on list as much as possible.
>
>
>
> BTG Profile (Break The Glass):
>  several recent comments (only listed most recent from each named 
> member):
>   david-c: 
> http://lists.oasis-open.org/archives/xacml/201103/msg00014.html
>   mike:    
> http://lists.oasis-open.org/archives/xacml/201103/msg00021.html
>   erik:    
> http://lists.oasis-open.org/archives/xacml/201103/msg00024.html
>   doron:   
> http://lists.oasis-open.org/archives/xacml/201103/msg00027.html
>   martin:  
> http://lists.oasis-open.org/archives/xacml/201103/msg00028.html
>   bill:    
> http://lists.oasis-open.org/archives/xacml/201103/msg00029.html
>   paul:    
> http://lists.oasis-open.org/archives/xacml/201103/msg00030.html
>   david-s: 
> http://lists.oasis-open.org/archives/xacml/201103/msg00032.html
>   rich:    
> http://lists.oasis-open.org/archives/xacml/201103/msg00033.html
>  original (David C):   
> http://lists.oasis-open.org/archives/xacml/201011/msg00017.html
>
> PIP directive (additional information directives)
>  original (David): 
> http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
>
>
>
>