Minutes for 9 February 2012 TC Meeting:

[rich levinson <rich.levinson@oracle.com>]

Time: 13:00 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 9 February 2012 TC Meeting:

I. Roll Call

Voting Members
Crystal Hayes 		The Boeing Company
Richard Hill 		The Boeing Company
Rich Levinson 		Oracle
Hal Lockhart 		Oracle
Bill Parducci 		Individual
Erik Rissanen 		Axiomatics 	
Remon Sinnema 		EMC
John Tolbert 		The Boeing Company
Paul Tyson 		Bell Helicopter Textron Inc.

  we have quorum

Members
Anthony Nadalin 	Microsoft
Danny Thorpe 		Quest Software

Observers
Massimiliano Masi	Tiani "Spirit" GmbH


II. Approve (updated) Minutes of 26 January 2012 TC meeting
     http://lists.oasis-open.org/archives/xacml/201202/msg00002.html

   Hal: minutes approved, no objections

III. Administrivia

  RuleML: LegalRule ML

    Paul: has been attending their mtgs; oasis tc; looking to
     find basis for collaboration:
    John: IPR issues?
    Paul: will be explaining xacml to them next wed
    Hal: Paul will look at coordinating for them to present to us.


  RSA InterOp
    Status update
      Hal: slides are out for review; booth planned, all things
	moving fwd ok.

  Test Assertions Model and Markup Language v1.0
    Volunteers needed to review conformance tests: additional tests,
     revisit testing mechanisms, does spec need changes to facilitate
     testing? This was discussed at last mtg, this item is reminder
     to keep issue open for now.

    Hal: need volunteers

  IPC WD-07 uploaded
    Richard Hill has uploaded WD-07
     http://lists.oasis-open.org/archives/xacml/201201/msg00031.html
    This is rev 1:
     http://www.oasis-open.org/committees/document.php?document_id=44958&wg_abbrev=xacml

    Hal: update uploaded
    John: have people reviewed it? can we elevate it?
 ->  Hal: any additional comments to wd7; if no comments by
      tomorrow, publish wd-8, then move to cd at next call.

  REST Profile
   Danny provided JSON update:
    http://wiki.oasis-open.org/xacml/RestProfileRequirements

   Ray: needed more reqts are things complete now?
   Hal: it is up to people to ask if features are what is intended
    and based on responses move ahead accordingly
   Paul: need use cases and communities
   Hal: activities around new protocols
   Erik: orgs want to go away from xml;
   Hal: public is saying xml inefficient; tooling kits don't
    have xml schema capabilities, in general
   Hal: xml msg inside http not big reqt now
   Hal: if we said here is how to put schema in http
   Paul: media type
   Hal: PAP probably needs more discussion
   Erik: orgs have many different ways to deploy policies; something
    simple might make sense as starting point;
   Hal: where mimicking existing fcnality it's straight-forward, other
    areas should be handled separately

  Non-XML representations of XACML (EBNF + semantics):
   Ongoing review of contribution from Massimiliano Masi, et al:
    http://lists.oasis-open.org/archives/xacml/201201/msg00033.html
    http://lists.oasis-open.org/archives/xacml-users/201202/msg00000.html

   Hal: if people are interested discuss on list


IV. Issues

 Open issues (recent months) collected for review:

  List of open XACML 3.0 issues for review from Erik:
   http://lists.oasis-open.org/archives/xacml/201202/msg00001.html

   Hal: see if we can close some of these:

Issue 1: Values from bag function
http://lists.oasis-open.org/archives/xacml/201110/msg00020.html
Status: no concrete proposal available.
Erik's personal comment: could be done like Paul sketches,
 or perhaps as higher order function which takes the function
 to apply as an argument.

  Hal: Paul was going to do proposal.
  Paul: had intended this to post-3.0
  Bill: maybe JIRA
  Hal: we need "one way"
  Bill: wiki probably ok for small number of issues
  Erik: all closed issues are cleared out, only a few
    issues are there now.
  Bill: let's start numbering at 100; we have 12,36,62,66, etc.


Issue 2: XACML media type
http://lists.oasis-open.org/archives/xacml/201112/msg00015.html
Status: we need to do some simple changes in the spec for IANA to
 move forward with this.

  Hal: simple thing is admin req to get new doc;
  Ray: brought up because of interface
  Hal: defer approval of doc until sure it is right
  Paul: having media types registered would be good, even w/o rest
  Hal: issue is note vs spec; Ray will start new doc; assume spec track

Issue 3: New combining algorithm
http://lists.oasis-open.org/archives/xacml/201112/msg00018.html

  Erik: when customers model policies; split up by sections, use
    Target; to match w internal resources need to compare subject
    with resource; can't do w Target because need hard value;
    Problem is deny is propagated up toward root, which causes
    issues;  would be useful to have combining alg that would
    do the same thing as schema;
  Hal: optional profile wouldn't be an issue
  Rich: agrees if optional, but in core the semantics are
    navigating policyset nodes w policy/rule at leaf level,
    and complex condition only shows up at policy/rule leaf.
    To throw this complexity into target paradigm might
    be conceptually disruptive.
  Erik: finance community wants to use risk level, not a constant
    value;
  Paul: selling pt of xacml is can turn ordinary policies into
    xacml w/o a lot of trouble.
  Hal: instance-based access control; can have complex policy
    under the instance;
  Paul: worries about complexity of combining-alg
  Hal: would like to see use case; target vs condition goes
    back to 1.0.

  Hal: we've run out of time - will adjourn and pick up at
    next meeting.

Issue 4: Context handler
http://lists.oasis-open.org/archives/xacml/201112/msg00039.html
Status: Proposal by Ray.

Issue 5: higher order function generalization
http://lists.oasis-open.org/archives/xacml/201201/msg00018.html
Status: no change in functionality needed, but there seems to be
 consensus on renaming the functions in 3.0.

Issue 6: Section 5.29 AttributeDesignator missing xs:element line
http://lists.oasis-open.org/archives/xacml/201201/msg00021.html
Status: obvious typo

Issue 7: URI equality
http://lists.oasis-open.org/archives/xacml-comment/201110/msg00010.html
See also many meeting minutes posted since.
Status: Proposal is to not change current functionality but add some
 explanatory text. There is a broader discussion going on about
 ditching URIs altogether but I assume that is not for the
 3.0 timeline.



 Ongoing issues:

  Choice Element
   Ongoing discussion: current status appears to be that there is
   agreement that problem exists, but that it is probably better
   for the present to just provide an advisory, and update the
   schema the next time the schema is updated in maintenance release.

   Several comments 1/27->2/1:
    http://lists.oasis-open.org/archives/xacml/201202/msg00000.html