
Subject: Minutes for 31 October 2013 TC Meeting


	*******************************************
	NOTE: new time for
	 next XACML TC meeting (Nov 14, 2013) and onward:
	   14:30 EST
           11:30 PST
	    6:30 NZDT
	*******************************************

Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 31 October 2013 TC Meeting

I. Roll Call & Minutes

Voting Members
 Crystal Hayes
 Mohammad Jafari
 Steven Legg
 Rich Levinson
 Hal Lockhart	Chair
 Bill Parducci	Chair
 Remon Sinnema
 John Tolbert

Voting Members: 8 of 10 (80%) (used for quorum calculation) 

	bill: we have quorum

 Approve Minutes:
  17 October 2013 TC Meeting
  https://lists.oasis-open.org/archives/xacml/201310/msg00024.html

	hal: minutes approved unanimously; no objections heard


II. Administrivia

  Meeting Time Change 14 November 2013-> from above minutes:
   scheduled time for XACML TC meeting starting 14 November 2013 to be: 
	 14:30 EST
         11:30 PST
	  6:30 NZDT
   also: following 2 mtgs are cancelled for upcoming holidays:
	   Canceled: 28 November 2013 XACML TC mtg
	   Canceled: 26 December 2013 XACML TC mtg

  DLP-NAC profile uploaded: from minutes:
	   John: We have asked for more concrete Use Cases to be inserted
	   into the Profile to likewise give the TC tangible requirements
	   against.
   https://lists.oasis-open.org/archives/xacml/201310/msg00027.html

    john: nextlabs has some use cases he is trying to include

  XACML v3.0 Related and Nested Entities Profile Version 1.0 uploaded

    https://lists.oasis-open.org/archives/xacml/201310/msg00028.html
   comments:
     john:     https://lists.oasis-open.org/archives/xacml/201310/msg00029.html
     steven:   https://lists.oasis-open.org/archives/xacml/201310/msg00030.html
     mohammad: https://lists.oasis-open.org/archives/xacml/201310/msg00031.html
     steven:   https://lists.oasis-open.org/archives/xacml/201310/msg00035.html
               https://lists.oasis-open.org/archives/xacml/201310/msg00036.html
     john:     https://lists.oasis-open.org/archives/xacml/201310/msg00038.html

    steven: follow-up to attrs of rels thread:
	addresses "attribute flattening"
	moved more from programmatic to declarative representation
	normally interested in boolean result
	conditions: improve syntax
	also returning obls
	
	went thru doc section by section:

    2     Quantified Expressions
    2.1     ForAny Expression
    2.2     ForAll Expression
    2.3     Map Expression
    2.4     Select Expression

    3     The Entity Data-type
    3.1     Examples of Entity Values (non-normative)

    4     Functions
    4.1     The attribute-designator function
    4.1.1     Example (non-normative)
    4.2     The attribute-selector function
    4.3     The entity-one-and-only function
    4.4     The entity-bag-size function
    4.5     The entity-bag function

    5     Examples (non-normative)
    5.1     Matching Values in a Bag
    5.2     Access Subject Relationships
    5.3     Table-driven Policy Expression
    5.3.1     Table-driven Policy Expression Using XACML Attributes
    5.3.2     Table-driven Policy Expression Using XML

	hal: comments?
	john: namespace collisions? canonicalization things?
	 is there issue, for example w attrs defined in ipc profile?
	hal: in mathematics: range is input allowed, domain is output allowed

	hal: members should review in detail and next mtg we should
	 have substantive discussion


  Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0
   15-day public review announced:
     https://lists.oasis-open.org/archives/xacml/201310/msg00032.html

	hal: may want to progress for CS at next call then
	 send as part of group


  XACML MAP Authorization Profile WD3 uploaded
    https://lists.oasis-open.org/archives/xacml/201310/msg00034.html

	hal: update to profile
	john: should be final iteration for wd; looking
	 to move toward csd and pub rev.

  additional item: possible interop (dept homeland security):
      	john: xacml interop: martin smith: washington dc;
	 looking to see if members willing to re-run rsa demo;
	hal: people could do over internet; vs rsa where people
	 are already there, so attractive for vendors
	john: govt looking to make this public event in govt-specific
	 manner, maybe 3-4 months after 1st of year
	hal: there were issues raised last summer outside tc and is
	 that something that needs to be addressed
	john: symantec may have some interest in participating
	hal: had offline disc w bill on 80/20 dialect of xacml, maybe
	  that might drive adoption more
	john: please notify if there is interest
	hal: john will post more details to list
	john: will post at time tbd; still discussing w other parties

III. Issues

  RuleID (question: additional comments since last mtg)
   hal: https://lists.oasis-open.org/archives/xacml/201310/msg00037.html

	hal: only used in combining algs for policies,
	  only have to be unique within policy
	rich: ruleid defn as string in xsd, vs other id's that are anyURI   

  IP Address comparisons: from minutes: ACTION ITEM:
    Hal will write up some example functions for comparison to begin discussion.
   https://lists.oasis-open.org/archives/xacml/201310/msg00011.html

	hal: will try for next mtg to post

IV. Other business:

	meeting adjourned 5:12 PM EDT
	
	note: new time for next meeting and onward: 14:30 EST


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
