

Subject: Minutes for 30 May 2013 TC Meeting


Time: 16:30 ET (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 30 May 2013 TC Meeting

I. Roll Call & Minutes

  Roll call:

Quorum rule     	51% of voting members
Achieved quorum 	yes

Individual Attendance
Contributing Members:    10 of 66 (15%) 
Voting Members:           8 of 11 (72%) (used for quorum calculation)

Company Attendance
Contributing Companies:   8 of 30 (26%) 
Voting Companies:         6 of 8 (75%) 

Axiomatics      	David Brossard	Member
TSSG            	Bernard Butler	Member
The Boeing Company	Crystal Hayes	Voting Member
Veterans Health Admin	Mohammad Jafari	Voting Member
ViewDS          	Steven Legg	Voting Member
Oracle          	Rich Levinson	Secretary
Oracle          	Hal Lockhart	Chair
Individual      	Bill Parducci	Chair
EMC             	Remon Sinnema	Voting Member
The Boeing Company	John Tolbert	Voting Member

                 	Leigh Griffin	Visitor
   we have quorum


  Approve Minutes:
   16 May 2013 TC Meeting
   https://lists.oasis-open.org/archives/xacml/201305/msg00036.html

    hal: minutes approved, no objection heard


II. Administrivia


  Presentation at today's meeting: 
	XACML & JS: Access Control Policy Performance paper (IEEE)
      document is here:
    https://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=49346
   direct link to pdf:
    PDF w slides has been uploaded:
     https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/49346/tssgJSONpolicies20130530.pdf

    Submitter's message
     PDF of the slides to be presented at the XACML TC on May 30th,
      covering the topic of JSON-encoded XACML policies.
      Presented by Steven Davy, Bernard Butler (Waterford Institute of Technology),
       Leigh Griffin (Sun Life, former WIT)
     -- Dr. Steven Davy 

    XACML & JS: Access Control Policy Performance paper (IEEE)
     Rescheduled to 5/30 meeting

      Bernard Butler presents slides:

	on policy side xml not directly executed but pdp's own config
	 needs to be triggered.

	language is xacml 2.0 based and has some unimplemented
	 features such as Obligations


	hal: oasis policy is that xml schemas are not normative, just
	 that they must be consistent w normative description.

	bernard:
	 json different "layout" than xml: json based on arrays,
	   hashmaps, etc.
	 impl is one way: xml translates to json, but not reverse

	 req/rsp is similar to json profile that david is working on

	leigh griffin: discussed json, javascript, java

	  noted: aiming for "cloud" which is leaning away from
	   java/xml/soap and moving toward java, scala, javascript/json/rest

	  used "redis": key/value database: fast lookup (NoSQL)

     after pres:

       hal: 2 maillists dev,users (users unique to this tc)
	note: xacml originally used xml so tools could be developed
	 about it; however, xacml is a well-defined abstract language,
	 and any alternative notation: json, shorthand, etc would be
	 round trippable:

	assume the pdp would use its own format internally to represent
	 the policies and evaluate;

	also the xml req was not intended to be an efficient network
	 representation;

	finally, all attr vals would already have been fetched and exist
	 in objects

	hal: schema is guide to syntax but not a required feature,
	 and so avoided any defaulting by not requiring people
	 to look at the schema. motive was that people shouldn't
	 be constrained to specific parser, schema

	meeting adjourned: 5:43 PM




  ABAC Draft posted:
     https://lists.oasis-open.org/archives/xacml/201305/msg00015.html
   comments due by May 31:
   john has proposed draft to send to NIST, requesting vote at today's mtg
    https://lists.oasis-open.org/archives/xacml/201305/msg00080.html
   john and hal working on TC-overall comments:
    https://lists.oasis-open.org/archives/xacml/201305/msg00075.html

     crystal: moves to make john's comments (msg00080) and hal's
      comments today:
        https://lists.oasis-open.org/archives/xacml/201305/msg00084.html
      that john will edit together after the mtg as official tc submission
     john seconds:
     hal: unanimous approval, no objections heard


   rich posted own comments raising same issue as w TC on "Attributes"
    element being ungrammatical.
     https://lists.oasis-open.org/archives/xacml/201305/msg00076.html

      john: since comments already went to vincent hu, no point adding
	them to tc official comments
      rich: ok


  Status of Profiles
    3 ballots have been set up for advancing profiles to OS:
        XACML EC-US Profile v1.0
        XACML IPC Profile v1.0
        REST Profile of XACML v3.0 Version 1.0
      https://lists.oasis-open.org/archives/xacml/201305/msg00070.html

    hal created wiki page w document status:
     https://lists.oasis-open.org/archives/xacml/201305/msg00028.html

  New profile proposal:
   XACML v3.0 Obligation and Advice Authority (OAA) Profile Version 1.0 uploaded
    https://lists.oasis-open.org/archives/xacml/201305/msg00071.html
   several comments on this proposal - see maillist thru May 29:
    https://lists.oasis-open.org/archives/xacml/201305/maillist.html
    https://lists.oasis-open.org/archives/xacml/201305/msg00081.html

   hal: noted


  Updated JSON profile posted:
    https://lists.oasis-open.org/archives/xacml/201305/msg00083.html

  hal: since we are having a presentation, postpone issue discussion until
	next meeting: (4:50 PM)

III. Issues

  Distribution of obligations across multiple handlers: use cases posted to wiki
   by David Laurance of jpmorgan:
    https://lists.oasis-open.org/archives/xacml/201305/msg00063.html

  JSON Profile - "Category vs Entity|Object issue"
   original proposal to "elevate" Category:
    https://lists.oasis-open.org/archives/xacml/201305/msg00021.html
   rich raises concerns w that (note: this reply was accidentally
     against msg00022, it should have been against msg00021):
    https://lists.oasis-open.org/archives/xacml/201305/msg00027.html
   steven comments on this issue as well:
    https://lists.oasis-open.org/archives/xacml/201305/msg00029.html

  Generalizing on-permit-apply-second
   erik proposal:
    https://lists.oasis-open.org/archives/xacml/201305/msg00032.html
   much discussion on above, but issues may have been settled during discussion:
    https://lists.oasis-open.org/archives/xacml/201305/msg00069.html

  Errata: XPathCategory
   (carrying over for future discussion)

  Obligations & Combining Algorithms
   (carrying over for future discussion)

--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
