

Subject: Minutes 12 December 2013 TC Meeting


Minutes for 12 December TC meeting

I. Roll Call & Approve Minutes
  Voting Members:
   Richard Hill
   Mohammad Jafari
   Steven Legg
   Rich Levinson
   John Tolbert
   Hal Lockhart (chair)
   Bill Parducci (chair)

  Members:
   Erik Rissanen

   Quorum Achieved - 70% (per Oasis) Yes. 9 of 10 (90%) (used for quorum calculation)

  Minutes 14 November 2013 TC Meeting 
   Motion to approve: Bill
   Second: John Tolbert
   VOTE: APPROVED unanimously

II. Administrivia
  Schedule for TC meetings
   There will be NO meeting in two weeks. The next call will be the 9th of
   January.

  RFC7061 - MIME type
   Please review and comment as appropriate.

  GeoXACML and XACML Policy Administration Web Service
   Jan posted the latest spec. The TC is asked to take a look at it.
  
  ITU-T XACML v2 -> v3 document
   Hal: The ITU-T generated an auxiliary document that describes the
        changes from XACML v2 to v3. They had reached out to TC looking
        for some sort of endorsement/comment from the TC.
   Erik: I think it is a good document. The question is if it is
         detailed enough?
   Rich: It appears that there are some details that should be called
         out. I am not sure if we have time to do this before their
         next meeting.
   Hal: The level of detail is always arbitrary. Let's review this and
        be prepared at the next meeting to formally discuss an
        endorsement. Please direct input to the list between now and then.

  XACML v3.0 Related and Nested Entities Profile
   Steven: the only real outstanding issue in open discussion is the
           "Domain/Range" nomenclature.
   John: I would prefer "Quantifier-Domain" for clarity.
   Hal: based upon feedback the TC will leave this to Steven's
        discretion.

III. Issues
  Using higher-order bag functions with IP & DNS functions
   Hal walked through his proposal
   Bill: I would like to see a more general solution that would work for
         ranges that do not match a subnet mask. I have posted my
         proposal for handling this to the list.
   Steven: The introduction of greater-than and less-than functions
   John: The proposed wildcard solution would lead to a very large
         number of entries to cover an organization with many levels
         of DNS domain depth
   John: I will be soliciting volunteers to help generate examples for
         the Profile

  Recursion limits question raised on list
   Hal: There is not much more that can be done by the TC on this
        matter in my opinion. 

  DLP-NAC: Multiple Resource-IDs in a single request
   John reviewed his use case for copying content from one resource-id
   to another.
   Hal: the use case looks like it can be broken down to a read, then a
        read action. Attempting to solve this in a single question
        doesn't fit the PDP model.
   Steven: There are ways around this but it is dependent upon the
           specific mechanics of the case.
   Hal: it's a real head scratcher what the real resource is in this 
        situation.
   John: We will propose in the next authorized application Boolean data
         type ("whitelisting")
   Hal: a code based Subject is another option.
   
meeting adjourned.

