Subject: Minutes for 21 March 2013 TC Meeting - UPDATED (Attendee list)
Time: 16:30 EDT (GMT-0400; i.e. 20:30 GMT)
Tel: 513-241-0892 Access Code: 65998

Minutes for 21 March 2013 TC Meeting - UPDATED (Updated attendee list)

I. Roll Call

  Meeting Attendees Spreadsheet

    Company                          Name (ascending)   Role
    The Boeing Company               Crystal Hayes      Voting Member
    The Boeing Company               Richard Hill       Voting Member
    Veterans Health Administration   Mohammad Jafari    Voting Member
    ViewDS                           Steven Legg        Voting Member
    Oracle                           Rich Levinson      Secretary
    Individual                       Bill Parducci      Chair
    EMC                              Remon Sinnema      Voting Member
    BAE SYSTEMS plc                  Richard Skedd      Member
    Quest Software                   Danny Thorpe       Voting Member
    The Boeing Company               John Tolbert       Voting Member
    Boeing                           Greg Smith         Guest

  Quorum rule: 51% of voting members
  Achieved quorum: yes

  Individual Attendance
    Guest Attendees: 1
    Contributing Members: 9 of 64 (14%)
    Voting Members: 8 of 11 (72%) (used for quorum calculation)

  Company Attendance
    Contributing Companies: 8 of 31 (25%)
    Voting Companies: 7 of 8 (87%)

  bill: we have quorum

  Approve Minutes:
    7 March 2013 TC Meeting
      https://lists.oasis-open.org/archives/xacml/201303/msg00023.html
    bill: no objection to unanimous acceptance of the minutes

II. Administrivia

  What time will upcoming TC meetings be held at?
    https://lists.oasis-open.org/archives/xacml/201303/msg00062.html
    Starting today the new meeting time is 4:30PM ET
    Since ET is now EDT, this is GMT -0400 i.e.
    today's meeting is at 16:30 ET=EDT = 20:30 GMT
    bill: people are here so at least attendees are on board w new time

  Status EC-US/IPC Profiles
    The Committee Spec (CS) version of the EC-US and IPC profiles
    have been published by TC-Admin:
      IPC: https://lists.oasis-open.org/archives/xacml/201303/msg00028.html
      EC-US: https://lists.oasis-open.org/archives/xacml/201303/msg00029.html
    TC-Admin, john tolbert provided attestation sample w instructions:
      https://lists.oasis-open.org/archives/xacml/201303/msg00053.html
      https://lists.oasis-open.org/archives/xacml/201303/msg00049.html
    Attestations submitted:
      Boeing EC-US: https://lists.oasis-open.org/archives/xacml/201303/msg00047.html
      Boeing IPC: https://lists.oasis-open.org/archives/xacml/201303/msg00048.html
      Axiomatics EC-US and IPC: https://lists.oasis-open.org/archives/xacml/201303/msg00060.html
      ViewDS EC-US and IPC: https://lists.oasis-open.org/archives/xacml/201303/msg00063.html
      Oracle EC-US and IPC: https://lists.oasis-open.org/archives/xacml/201303/msg00066.html
    john: enough attestations to move fwd, but maybe we can wait
      until the rest of the profiles catch up.

  RSA 2014 Interop commitments due by Mar 28, 2013 for OASIS premier space:
    RSA 2014 OASIS Demo Proposal - richard hill
      https://lists.oasis-open.org/archives/xacml/201303/msg00031.html
    hal: comments to Jane Harnad on proposal logistics issues
      https://lists.oasis-open.org/archives/xacml/201303/msg00037.html
    bill: oasis wants tc's to comment earlier
    richard: has contacted Jane, but no hard commitments yet.

  Status XACML REST Profile - any updates?
    15-day public review announced on Mar 1, 2013
      https://lists.oasis-open.org/archives/xacml/201303/msg00000.html
    ray: there were no pub rev comments rcvd, so we are ready to go
      to next step:
    bill: next step is to move to CS draft 02 to CS

    VOTE: Request TC ADMIN to produce a Special Majority Vote
      to approve a Committee Specification for:
        REST Profile of XACML v3.0 V1.0
        Editable source (Authoritative):
        http://docs.oasis-open.org/xacml/xacml-rest/v1.0/csprd02/xacml-rest-v1.0-csprd02.doc
    ray: MOVES to make CS
    danny: SECONDS
    steven: rest profile depends on some things that have not shown
      up yet as references
      REST Profile:
        steven: question on schema availability:
          https://lists.oasis-open.org/archives/xacml/201303/msg00014.html
        ray's reply:
          https://lists.oasis-open.org/archives/xacml/201303/msg00018.html
    bill: will push fwd w best efforts and update spec when any
      temp refs are resolved.
    bill: no objections heard to UNANIMOUS APPROVAL, motion approved
      (steven's comment noted).
    -> action: bill contact tc-admin to move process along

  RSA 2013 Interop update
    Post-Conference materials:
      Action Item: Hal will gather materials from interop, confirm
      approval to share and post demo materials.
    not discussed (hal not here this mtg)

  XACML 3.0 OS: need process for issues and errata: (action: set up wiki)
    From Mar 7 minutes:
      https://lists.oasis-open.org/archives/xacml/201303/msg00023.html
      Hal: There is an official process for errata. Main limitation
        is only releasable annually. The wiki is likely the best
        place to capture the errata.
    -> bill: will put fresh entry on wiki:
    rich: the following items will be added to wiki entry
      (in addition to prev comments on obls clarifying the
      "ambiguity" in the combining algs):

    XACML 3.0 core OS new issues: add these to errata wiki:
      Specific cases of multiple category elements need definitive
      process descriptions; in particular, is there reqt that a pdp
      decision must be based on at most one element per category
      per decision.
        https://lists.oasis-open.org/archives/xacml/201303/msg00003.html
      Ambiguity between normative text in section 5.56 <StatusCode>
      wrt cardinality of StatusCode/StatusCode [Any Number] and the
      xml schema defn that has cardinality 0:1.
        https://lists.oasis-open.org/archives/xacml/201303/msg00005.html

III. Issues

  XSPA healthcare profile was uploaded March 7:
    https://lists.oasis-open.org/archives/xacml/201303/msg00022.html
    XSPA - XACML Obligation Profile for Healthcare Version 1.0
    comments are expected

  Comments on spec:
    Steven: https://lists.oasis-open.org/archives/xacml/201303/msg00050.html
    Erik: https://lists.oasis-open.org/archives/xacml/201303/msg00059.html

  mtg discussion on health care obls and profile:
    steven: scope of obligations OAA might not align w the policies
      in terms of scope; won't be any one policy that carries the
      obligation, any policy should carry it; obls don't match up
      w responsibilities of people writing policies;
      2 stage process: uses xacml core: context handler gets
      decision, then posts a 2nd request to the obligation
      authority; 2nd body of access ctl policies - any additional
      obls are then attached to response; merged to original
      response. it's basically an extension to the pdp; not about
      obl families; in steven's resp to healthcare mentioned that
      obl families might be overengineered
    mohammad: spoke to some industry people; more to obl than what
      xacml currently supports; they are having a separate rules
      engine to do obls, but current version of xacml will have
      problems combining obls, so authority is not final soln to
      obl problems;
    steven: could mohammad summarize to list what the reqts are for
      these additional conditions
    mohammad: main use case they have is collecting obls from diff
      sources: reqt to combine all applicable obls to certain
      event; then 2. how to combine to resolve conflict etc.
      these kind of rules not supported by xacml;
      summary of issues being discussed on list:
        1: how to collect obligations:
        2: how to combine obl families;
      from conceptual level obls are more general than az decision;
      ex. a permit override; it would put the permit obl over the
      deny obl. need to decide if we want to go that way
    steven: is it goal that obl engine be replaced
    mohammad: they are happy w their current design; not waiting
      for the obls to envelop the reqts; permit deny is very
      special form of obl. not speaking for 3rd parties here;
    bill: will be complex to introduce non-boolean decision; the
      unbounded scope of obls would make xacml too complex to
      support full generalization
  end mtg discussion on obls,profile.

  Other comments related to the spec and/or obligations - not
  discussed at mtg, but need to be summarized for review:
    Hal: issues related to obligations:
      https://lists.oasis-open.org/archives/xacml/201303/msg00020.html
    Erik: https://lists.oasis-open.org/archives/xacml/201303/msg00020.html
    Mohammad: https://lists.oasis-open.org/archives/xacml/201303/msg00024.html
    David Chadwick:
      https://lists.oasis-open.org/archives/xacml/201303/msg00025.html
      https://lists.oasis-open.org/archives/xacml/201303/msg00027.html
    Mohammad: https://lists.oasis-open.org/archives/xacml/201303/msg00026.html
    Steven: https://lists.oasis-open.org/archives/xacml/201303/msg00038.html

  Rich: followup on comment on ambiguities in core spec wrt Obligations
      https://lists.oasis-open.org/archives/xacml/201303/msg00030.html
    clarification on defn of ambiguity in this context:
      https://lists.oasis-open.org/archives/xacml/201303/msg00039.html
    several additional emails expanding on the issue:
      most recent from bill:
        https://lists.oasis-open.org/archives/xacml/201303/msg00065.html
      steven:
        https://lists.oasis-open.org/archives/xacml/201303/msg00064.html
      others:
        https://lists.oasis-open.org/archives/xacml/201303/maillist.html
        see those entitled:
        "Re: [xacml] Minutes 7 March TC Meeting - action on ambiguity
        wrt set of returned Obligations, Advice"

  Other business: ?
    bill: none indicated

  bill: no objections to adjournment
  meeting adjourned: 5:08 PM EDT