OASIS Mailing List Archives

xacml message



Subject: Minutes for 29 May TC Meeting


Time: 4:30 EDT (-0400 GMT)
Tel: 513-241-0892
Access Code: 65998

Minutes for 29 May TC Meeting

I. Roll Call & Minutes

  Roll Call:

Richard Hill	
Mohammad Jafari	
Steven Legg	
Rich Levinson
Hal Lockhart
Bill Parducci
Erik Rissanen	
John Tolbert	

Voting Members: 8 of 11 (72%) (used for quorum calculation) 

	bill: we have quorum

  Approve Minutes:
   15 May 2014 TC Meeting
   https://lists.oasis-open.org/archives/xacml/201405/msg00030.html

	hal: any objection to unanimous approval?
		none heard.
		minutes approved

	hal,rich: additional items added at end of section II
	 based on actions from prev mtg.

II. Administrivia

  David B's: slides from the OASIS workshop on privacy at the European Identity Conference 2014
    https://lists.oasis-open.org/archives/xacml/201405/msg00029.html

     hal: jamie clark: pbrm? prst? chairs will take action what other tc's are
		doing and to see if anything xacml can support their activity.
		i.e. make sure policy forms work w xacml
		hal to follow up


  DSig Profile: Groups - xacml-3.0-dsig-v1.0-wd09.doc uploaded
    https://lists.oasis-open.org/archives/xacml/201405/msg00033.html

	note: was passed but being redone based on Mohammad's comments

	erik: fixed typos; mostly white space issues; redline only
		chgs for this specific working draft;
	hal: where are we in process?
	      found notes: going directly to cs w no pub rev.

	erik: moves to make cs get ballot to cs and chgs not specific
		to substance

	hal: do I have motion to move this profile to cs w no substantive chgs?
	motion passed.
 Erik:
    I move that the TC approve XACML v3.0 XML Digital Signature Profile Version 1.0,
    Working Draft 08 and any associated artifacts packaged together in:
    https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/52450/xacml-3.0-dsig-v1.0-wd08.doc
    as a Committee Specification Draft, designating the DOC version of the document
    as authoritative and not requiring Public Review as these changes are Non-Material
    (as defined in the OASIS TC Process:
	 http://www.oasis-open.org/policies-guidelines/tc-process#dNonmaterialChange).
   Bill: I second.
   VOTE: APPROVED unanimously
   ACTION: Chairs will submit to TC Admin.


  RBAC Profile: Groups - xacml-3.0-rbac-v1.0-wd11.doc uploaded
    https://lists.oasis-open.org/archives/xacml/201405/msg00035.html

	erik: thinks it needs public review
	hal: will take look at the details (see discussion below).


  3 Ballots to approve profiles as CS have passed:
   XACML v3.0 Multiple Decision Profile Version 1.0
   XACML v3.0 Hierarchical Resource Profile Version 1.0
   XACML v3.0 XML Digital Signature Profile Version 1.0
    https://lists.oasis-open.org/archives/xacml/201405/msg00038.html

	note: below DSig profile re-opened:


  15-day Public Review for #XACML v3.0 Privacy Policy Profile Version 1.0 - ends June 6th
    https://lists.oasis-open.org/archives/xacml/201405/msg00039.html
   more detail for tc:
     https://lists.oasis-open.org/archives/xacml/201405/msg00040.html
   comments:
    mohammad:
     https://lists.oasis-open.org/archives/xacml/201405/msg00041.html

	erik,hal: tc members should try to get comments in before
	 pub review, although tc members certainly can comment
	 during pub review. mentioned because comment was held,
	 waiting for pub rev, before submitting.


  15-day Public Review for JSON Profile of XACML 3.0 v1.0 - ends June 12th
    https://lists.oasis-open.org/archives/xacml/201405/msg00042.html
   comments:
    mohammad:
     https://lists.oasis-open.org/archives/xacml/201405/msg00044.html
    david (reply):
     https://lists.oasis-open.org/archives/xacml/201405/msg00044.html
    steven:
     https://lists.oasis-open.org/archives/xacml/201405/msg00046.html


 Actions from last mtg (added to original agenda):

  DLP-NAC (from prev mtg minutes):
   Hal:
    The most important consideration is that the syntax remains legal
    for the respective language.
   John:
 ->    We will try to clean this up and get it out by the next meeting
    or the one thereafter.

	hal: originally took action item to do this one. there was
	 typo in ip value fcn. will be fixed.
	network mask: will drop match if 2 addr in same subnet.
	bill: nothing for something in the middle to act on so there is
	 no point even a firewall not positioned to process.
	hal: ok w subranges and not try to do the subnet
	hal: mask?
	bill: no value in mask if we are doing range and ip addr.
	bill: don't accept the mask
	hal: ok
	hal: assuming hi and lo ip and hi and lo port; what syntax do
	 we want to specify range;
	bill: would defer to others. but not square bracket for ip range
	hal: port, port range, port range list:
		port range allows 4 options
	hal: added list w commas to port range;

	hal: what about square brackets on ip addr?
	bill: was not used; proposal was they are explicit,
		extended by dash or enumerated by comma.
	hal: lo-ip-addr - hi-ip-addr, next one, ...
	hal: also ipv6 has considerations.
	bill: ip-addr lower and upper are "inclusive"
	hal: bottom line: drop ip match fcn, but leave others
	hal: will get to it before next call

	john: obligations for logging: don't want to say "what" will be
	 logged, but in more qualitative sense describe the kinds of
	 logging that might be available.

	john and hal to work out parallel non-overlapping chgs each are
	 making to spec


  Specification of Role Enablement (from prev mtg minutes)
   Hal:
 ->    I will respond to Steven's post to the list. There is a global
    constraint that there is an agreement author and what the PEP is
    enforcing. It is desirable for policy to be consistent (behavior
    couched in properties, independent of implementation). Realistically
    this is not possible with all architectures. I will expand on this on
    the list.

	hal: still needs to put his comments to steven's discussion together

    
  REST Profile (from prev mtg minutes)
    Remon:
 ->      I will make a new Working Draft.

	hal: status of rest itself 

	hal: voted to CS a year ago.
	erik: conformance section was not normative
	hal: ok, that needs to be addressed.

	hal: ray's naming scheme? discuss below

III. Issues

  Profile naming (issue originally assoc w saml profile)
   ray:
    https://lists.oasis-open.org/archives/xacml/201405/msg00031.html
   original issue:
     https://lists.oasis-open.org/archives/xacml/201405/msg00015.html
   david:
     https://lists.oasis-open.org/archives/xacml/201405/msg00032.html
   erik:
     https://lists.oasis-open.org/archives/xacml/201405/msg00034.html
   bill:
     https://lists.oasis-open.org/archives/xacml/201405/msg00036.html

	hal: issue on table is saml profile, but there are other profiles
	 as well.

	hal: after discussion, we will go w Erik's proposal:
		"XACML SAML Profile Version 2.0"
	      from erik's email above.
	rich: so this means: XACML (any version) SAML (any version)
		and the "Version 2.0" refers to the version of the
		profile document.
	erik: some profiles are not specific to xacml core version
	hal: oasis naming conventions have evolved, so decisions made
	 on earlier documents may not be "legal" w the current rules,
	 but we are not planning to go back and change things.

   meeting adjourned ~5:30 EDT



--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803



