

Subject: Minutes for 4 February 2016 TC Meeting


Time: 2:30 PM EST (-0500 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Minutes for 4 February 2016 TC Meeting

	Note: before sending this out I noticed we voted on the original
	 minutes, not the updated minutes. I have corrected this below
	 but leave it to higher authorities to determine if revote
	 is required!

I. Roll Call & Minutes

  Attendance

Voting Members
 Veterans Health Admin 	Mohammad Jafari
 ViewDS Identity Solns	Steven Legg
 Oracle 		Rich Levinson
 Oracle 		Hal Lockhart
 Individual 		Bill Parducci
 EMC 			Remon Sinnema
 Individual 		Martin Smith
 Queralt, Inc. 		John Tolbert

Non-Voting Members
 Axiomatics 		David Brossard

  Approve Minutes 21 January 2015
   https://lists.oasis-open.org/archives/xacml/201601/msg00042.html
  updated minutes:
   https://lists.oasis-open.org/archives/xacml/201601/msg00043.html

	hal: any objections? None heard.
	 motion carries

II. Administrivia 

  XACML TC Meeting(s) - dates for upcoming meetings set:
    https://lists.oasis-open.org/archives/xacml/201601/msg00023.html

	checked kavi: mtgs look currently accurate, so any remaining problems
	 people might be having, should check if problem still showing up
	 i.e. old emails on times should be considered obsolete. ? is if
	 any new emails are still showing an issue to be addressed?

	will keep current time (2:30 EST) until March, then switch to 4:30 EST

	if other times preferable, then should start email thread to consider


  ABAC Definition:
    David: reference
    https://lists.oasis-open.org/archives/xacml/201601/msg00041.html


III. Issues
  Default behavior for unrecognized resource attributes
   https://lists.oasis-open.org/archives/xacml/201602/msg00002.html
   (latest)

	checking if all attributes been sufficiently tested by policy

	avoid synchronized human maintained lists, which all solns
	 so far have reqd to impl feature for specifying attrs that
	 are interested in

	martin: 
	 looking for something automatically, relying party would need to
	 have an additional process to do this which is not acceptable.

	david: pep may be passing irrelevant attrs, xml gateway may be automatically
	 including data from headers, etc. Does not seem to be practical ways to
	 determine what kind of filter would be appropriate to remove attributes
	 that are supposedly irrelevant.

	martin: no existing categorization of attributes as to relevance for
	 policy or not.

	david: customer: how to validate incoming requests? should they measure
	 whether there is one and only before determining if more than one.

	rich: either you want to check for "one and only one" or not?

	david: dob: 0 or more than one get indeterminate
	 third: measure size of bag (there is a bagsize fcn defined):

	more discussion on general issue of whether xacml's existing capabilities
	 can be used for specific situations, and what kind of guidance can
	 be given to make things work: i.e. defining the "right" kind of policy,
	 which is very subjective based on the environment, esp the nature
	 of the data customers are allowed to submit.

    Additional topic(s):

     martin: caching: decisions; can you rely on the same decision being appropriate
	 in the future? generally depends on environment
	john: what about swiping a card in a building to access parts of the bldg.
	rich: like sso: initial check is more stringent than subsequent checks based
	 on the validity of initial check.

     martin: workshop: NIST 3 wks ago: measurement of identity related items, such
	as strength of authentication, etc. 

	concern: little consensus of defns, so it seems premature to start talking
	 in terms of measurement.

     john: identity-proofing: white paper trying to identify 13 attrs about attrs:
	when last updated, etc. quickly becomes unworkable:

     hal: hearing the LOA w 4 levels is encountering issues, so ongoing research to
	quantify reqts and possible solns.
	

	mtg adj: 3:25 PM EST

	next call: Feb 18, 2016: 2:30 PM EST

--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
