

Subject: Proposed Agenda for 21 January 2016 TC Meeting


Time: 2:30 PM EST (-0500 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Proposed Agenda for 21 January 2016 TC Meeting

I. Roll Call & Minutes

  Approve Minutes 7 January 2015
   https://lists.oasis-open.org/archives/xacml/201601/msg00027.html

II. Administrivia 

  XACML TC Meeting(s) - dates for upcoming meetings set:
    https://lists.oasis-open.org/archives/xacml/201601/msg00023.html

  ABAC Definition:
    hal: comment and refs to abac defns:
      https://lists.oasis-open.org/archives/xacml/201601/msg00028.html
    david: additional refs and perspective:
      https://lists.oasis-open.org/archives/xacml/201601/msg00029.html

  NIST publication on ABAC comparing XACML and NGAC
    reported last mtg that comments were to end 15-Jan-16


III. Issues

  Default behavior for unrecognized resource attributes
   emails since last mtg adjourned:
    erik: comments on scope of policy and external to the policy conditions
      that can impact results. ex. emergency override, invalid policy semantics, etc.
        https://lists.oasis-open.org/archives/xacml/201601/msg00024.html
    erik: comments on whether policies can be required to contain attrs
      in some automated manner (ex. ext existence of attr may imply must be in policy)
        https://lists.oasis-open.org/archives/xacml/201601/msg00025.html
    martin: consider legal responsibilities of resource owner; tags can imply specific
      policies need to be applied; also new consideration: reluctance to identify
      access rights that should have been revoked; i.e. stickiness of access privs,
      vs quick identification of improper denial decisions
        https://lists.oasis-open.org/archives/xacml/201601/msg00026.html
    hal: questions to erik on feasibility of defining the "true intent" vs what
      is contained in the "actual policy"
        https://lists.oasis-open.org/archives/xacml/201601/msg00030.html
    erik: clarifies: use case is PEP contains unknown attr to policy in request: can
      policy be designed to recognize that an attr it doesn't recognize is in the req
      and that fact should be used in the decision? erik says this is example of
      policy correctness criteria, which is a much broader subject than this 1 case:
        https://lists.oasis-open.org/archives/xacml/201601/msg00031.html
    bill: policy versioning can help this overall situation, which has been discussed
      in the past by TC:
        https://lists.oasis-open.org/archives/xacml/201601/msg00032.html


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
