[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 5 May 2011 TC Meeting:
Time: 13:00 EDT Tel: 513-241-0892 Access Code: 65998 Minutes for 5 May 2011 TC Meeting: I. Roll Call& Approve Minutes: Roll call: Erik Rissanen Abbie Barbir Paul Tyson Doron Grinstein David Choy Remon Sinnema Sridhar Muppidi Jan Herrmann Bill Parducci Anthony Nadalin Rich Levinson Hal Lockhart John Tolbert John Davis David Staggs we have quorum hal: preliminary: focus on v3 specs over other issues Approve Minutes: 28 April 2011 TC Meeting Minutes (updated): http://lists.oasis-open.org/archives/xacml/201104/msg00076.html hal: approved no objection II. Administrivia Ongoing: "ITU-T Files of Interest": Abbie will provide status as available hal: http://lists.oasis-open.org/archives/xacml/201105/msg00000.html hal: posted msg; they will incorporate errata, w rec#, there is self-explanatory data abbie: 16 files for xacml 2.0 will be incorporated; targeted to be done aug-sep time frame; will bring xacml 2 in synch w oasis xacml 3: will keep it in phase w oasis work hal: kmip interested in submitting abbie: is looking into it. Ongoing: F2F Planning Update status: F2F will be held in June 28th, 29, 30th in Lexington, MA at the Boeing facility John Tolbert to publish logistics information hal: http://lists.oasis-open.org/archives/xacml/201105/msg00001.html hal: john t. volunteered boeing facilities in Lexington email posted w logistics and hotels will need to have dial-in access: john: no problem new: next wk is european conf; should we have call next week; hal: will not have mtg next week. (it is optional week anyway) Ongoing: OASIS XACML Webinar: OASIS asks is there interest to develop? XACML Webinar set for 8 June, 2011 at 11:00ET US Hal, Erik and Doron will be presenting. Development in progress. Ongoing: "OASIS IDtrust Member Section to host IIW - 3-5 May 2011": dee: http://lists.oasis-open.org/archives/xacml/201103/msg00057.html is there any news from this conf? hal: the mtg is over III. Issues new: hal wants to close the extended indeterminate debate hal: critical wording is in C.1 hal: is it sufficient to look at declared effects or should we calculate beyond the effects; reading c.1 does not make clear which algorithm was intended. rich: this issue also existed in 2.0 w the Target of the Rules. erik: steven legg posted on comments that wasn't clear how it works if Targets evaluated. Paul found xacml behaved in different. Some agreement that it is too big to tackle in 3.0. hal: there was 3rd issue: how do legacy work w combining algs. erik: no difference in behavior. erik: table 7, need to go back 1 step; starts when evaluating PolicySet; not intended to be in C.1; hal: consensus that we need some chgs from wd-19; consensus on legacy algs. consensus on not going Paul's route paul: looking for understanding; rich: tried to explain erik: if you have 2 rules: 1 Permit and 1 Deny and alg is deny-override; if deny is found then it doesn't matter whether the other rule is evaluatable or not. if you don't have extended indeterminate; you cannot filter out irrelevant errors. PEP would not tell difference between type of indeterminate. paul: then these should not be seen in final result erik: that is correct: response from pdp hal: this is internal indeterminate state for internal eval. paul: would suggest led down this path; did not have notion of policy equivalence. rich: asserts that if policy target is indeterminate then all that needs to be done is to look at the effects of the rules and there is no point in evaluating the targets and conditions. paul: for completeness treat all rules as indeterminate; hal: that is the old policy algorithms; no longer can distinguish between d and p. rich: it is 2x2 issue: one axis is d or p, the other is evaluate target or not. paul: one way to determine indeterminate is to put in increasingly more complex analysis; if in order to understand, that is not serving the purpose of xacml. new:<PolicySet> elements under PPS elements in RBAC profile" jan: http://lists.oasis-open.org/archives/xacml/201104/msg00066.html rich: http://lists.oasis-open.org/archives/xacml/201104/msg00083.html rich: should this be resolved w action item to update 1st ref in doc? hal: one other issue: jan reported problem; erik: the normative section was modified, but tne non-normative was not updated. We should update the non-normative; action-> update the rbac spec; hal: for missing attrs - indeterminate can indicate go get the attr. no meeting next week: next call May 19. MEETING ADJOURNED: 2:01 PM/EDT new (carryover): "Profile examples" rich: links to hier examples: anne's 2004 doc: http://lists.oasis-open.org/archives/xacml/200406/msg00033.html actual doc: http://lists.oasis-open.org/archives/xacml/200406/pdf00003.pdf rich: forest and dag non-xml resource examples: http://lists.oasis-open.org/archives/xacml/200902/msg00058.html rich: background on xml resource URI example: (many emails followed this to point where we came to agreement on current spec): http://lists.oasis-open.org/archives/xacml/200910/msg00024.html doron: to start a discussion thread on list and provide examples that his company is using to represent their hier operations Update: BTG Profile (Break The Glass): latest: (david summary + follow on comments) david: http://lists.oasis-open.org/archives/xacml/201104/msg00074.html remon: http://lists.oasis-open.org/archives/xacml/201104/msg00078.html david: http://lists.oasis-open.org/archives/xacml/201104/msg00081.html remon: http://lists.oasis-open.org/archives/xacml/201104/msg00082.html Update: "Attribute predicate profile for SAML and XACML": remon(zbac): http://lists.oasis-open.org/archives/xacml/201104/msg00080.html Greg, is in the process of splitting document into a SAML Profile and XACML profile. He is a bit unclear as to what is needed in XACML profile based upon Paul's comments on the list. Hal offered that a Profile may created or an artifact on non-normative document track. Greg noted that he is awaiting feedback from the SAML group on the proposal made to that group. update: "XACML working drafts" "WD-19 of core and WD-14 of SAML profile" these specs are being reviewed. list of issues addressed is in 1st link, docs are in 2nd link: list-fixes: http://lists.oasis-open.org/archives/xacml/201104/msg00018.html doc-links: http://lists.oasis-open.org/archives/xacml/201104/msg00017.html Following are carried over: not ref'd in last minutes: Update: "The Indeterminate flavors question" (aka: Extended Indeterminate) remon: http://lists.oasis-open.org/archives/xacml/201104/msg00079.html erik: http://lists.oasis-open.org/archives/xacml/201104/msg00045.html paul: http://lists.oasis-open.org/archives/xacml/201104/msg00046.html rich: http://lists.oasis-open.org/archives/xacml/201104/msg00053.html Carried: PIP directive (additional information directives) original (David): http://lists.oasis-open.org/archives/xacml/201010/msg00005.html Hal: noted that this topic has been quiet and offered that he is working on an approach to possibly combining some of the ideas that have been considered. Carried: "usage of status:missing-attribute in case of an AttributeSelector - control of the pip through xacml rules" jan: http://lists.oasis-open.org/archives/xacml/201103/msg00059.html comments: paul: http://lists.oasis-open.org/archives/xacml/201103/msg00060.html erik: http://lists.oasis-open.org/archives/xacml/201104/msg00002.html jan: http://lists.oasis-open.org/archives/xacml/201104/msg00003.html Carried: ""Web Friendly" Policy Ids": hal: http://lists.oasis-open.org/archives/xacml/201103/msg00044.html comments: paul: http://lists.oasis-open.org/archives/xacml/201103/msg00046.html Carried: Specifying a specific associated Resource in a Policy (Sticky Policies): hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]