OASIS Mailing List Archives

xacml message


Subject: Minutes 19 February 2015 TC meeting - DRAFT


Time: 2:30 PM EST (-0500 GMT)
Tel: 513-241-0892

Access Code: 65998

Minutes for 19 February 2015 TC Meeting

I. Roll Call & Minutes

  Roll Call:
  Voting Members
   Crystal Hayes
   Richard Hill
   Steven Legg
   Rich Levinson
   Hal Lockhart Co-Chair
   Bill Parducci Co-Chair
   Remon Sinnema
   John Tolbert

  Observer
   Scott Robertson, Kaiser Permanente

  Voting Members: 6 of 10 (60%)
  Bill: We have quorum

 Approve Minutes 5 February 2015:
   https://lists.oasis-open.org/archives/xacml/201501/msg00020.html
   APPROVED unanimously

II. Administrivia
  Call for Agenda Change
   John:
    I have a couple issues I would like to discuss today about potential 
    Profiles.
  Hal: 
    Noted

  Next Steps
   Hal:
    We have a number of docs that are at Committee Specification level now. The
    next step is to begin collecting Statements of Use. Does anyone need help
    with verbiage?
   John:
    That would be helpful.
   Hal:
    I will post some draft wording and post it to the list. Hopefully we will
    get the rolling in the next month or so.
   Hal:
    There are a number of Profiles that still require some work to get to the
    next level; everyone is encouraged to take back up those that are of 
    interest.

III.
  Attribute Boundaries
   John:
    Some of us are presenting at EIC re: OASIS standards such as XACML. Given
    the multi-national nature of the EU, would it be possible for us to create
    a Profile that would not require attributes across borders? Perhaps send a
    Subject and Policy.
   Richard:
    This is a good idea. I have seen it be done, e.g. in cases where you want to
    see the export control status of something without the clearance to see the
    attributes.
   Hal:
    The Admin Profile in conjunction with SAML 3.0 can address this. It was not
    a primary Use Case, but it could be used for this purpose. This may be a    
    very unique case in that only 1 party has access to the attributes, but the 
    Policy is accessible to both.
   John:
    Using the Admin Profile is an interesting idea. I will explore that.
   Bill:
    It may be possible with a modest number of Policies to infer data on the
    "hidden" side, leading to an exploit.

  Time Limited Decisions
   John:
    What are the TC's thoughts on a response that is time limited? 
   Hal:
    There are abilities to define access by time, but there is no mechanism in
    XACML for a duration per se. The SAML 2.0 wrapper may be used to handle
    attribute manipulation however.
   Bill:
    John, is human driven web usage the Use Case you are thinking of here?
   John:
    Basically, yes.
   Hal:
    XACML is typically more general than this.
   John:
    Could this be handled with an Obligation?
   Hal:
    Yes, but its specificity makes it generally non-standard.
   Bill: 
    I am curious as to the best way to address the reiterative nature of a human
    driven website where reauth/Z is specified with a time constraint attribute. 
    This seems like what John is trying to address.
   John: Yes, that is a Use Case for this.
   Hal:
    This is a common situation that can be highly contextual based upon company,
    etc. If we can figure out a way to address it, it would be interesting to
    explore.
   John:
    I will explore the existing Profiles and am happy to receive input from
    anyone who has seen implementations or attempted to solve this.

  New TC
   John:
    I have been working with a number of people on the adoption of US Federal 
    Identity Credentialing and Access Management (FICAM). We are considering
    setting up a TC that would work on interoperability of FICAM implementations.
    I think it will have a lot of cross-pollination with XACML and SAML.
   Hal:
    I am sure there will be interest/feedback once this begins to materialize.

Meeting adjourned.
