

Subject: Minutes for 31 March 2016 TC Meeting



*** Special meeting w Guest Speaker, Bill Fisher, from NCCoE ***

	Note: the planned discussion topics related to this presentation will
	 be continued @ next tc mtg on Apr 14.


Time: 4:30 PM EDT (-0400 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Minutes for 31 March 2016 TC Meeting

I. Roll Call & Minutes

    Voting Members
	Mohammad Jafari 	Veterans Health Administration
	Steven Legg 		ViewDS Identity Solutions
	Rich Levinson 		Oracle
	Hal Lockhart 		Oracle
	Martin Smith 		Individual
	John Tolbert 		Queralt, Inc.
      Voting Members: 6 of 9 (67%) (used for quorum calculation)
    Members
	David Brossard 		Axiomatics
	John Davis		Veterans Health Administration
	Gerry Gebel 		Axiomatics
	Crystal Hayes 		The Boeing Company
    Guests
	Bill Fisher 		NCCoE (NIST)
	Sudhi Umarji 		NCCoE (NIST)

	special presentation and discussion:
	  National Cybersecurity Center of Excellence


 Approve Minutes 17 March 2016
  https://lists.oasis-open.org/archives/xacml/201603/msg00006.html

	hal: approved unanimously, no objections heard

II. Administrivia
Guest Speaker from NCCoE for Thursday's meeting
      https://lists.oasis-open.org/archives/xacml/201603/msg00007.html


        This meeting, Thursday, March 31 was dedicated to a presentation
         by Bill Fisher of the National Cybersecurity Center of Excellence,
         followed by discussion.

        In addition to answering any questions,
         Bill would like our input on
          what the NCCoE should be doing in regard to XACML and ABAC.
	  (This item can be picked up as a continuation next mtg)


	Below are notes I took during pres/mtg: mostly focused on items
	 not directly, or only partially, included in the slides

	Bill Fisher presentation on gotomeeting:
	 webex pres:
	  https://global.gotomeeting.com/join/233296133
	 link to actual presentation document on oasis (need oasis member creds to access):
	  https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/57854/NCCoE%20OASIS%20TC%20Presentation.pptx

	ACD: Applied Cyber-security Division

	 800 series docs produced by other division, ACD demo's solns using those specifications
	  looking at private sector security issues and practices

	   use case project: in collaboration w us economic sector vertical,
	    ex. financial sector - specific use cases

	   building block project: driven by technology,
	    not a specific sector necessarily; 65% soln; 35% custom;

	 described overall project process: collaborating w contributors, etc.

	 actually build the project in the NCCoE lab w the contributors

	5 howto guides have been published: all in draft version

	 it-health and energy guides close to finalization

	 Personal Identity Verification smart cards PIV (govt uses, and has x509 cert on device);
	  how to leverage piv cards w mobile? using derived creds; 800-157 has overview of soln:

	hal: tc provided feedback on abac discussion


	bill: cisco device-attrs that can be pulled for attr-based policy decisions
	 internal debating whether to put out for more comments
	 looking @ 2nd build w different architecture compared to existing impl.

	 doing mkt research on what tech is available: additional barriers for
	  adoption; policy creation; access strategies: risk relevant attrs

	martin: federation of attrs;

	bill: 1st build is "attr federation": all env attrs from idp, can have multiple attr providers,
	  then federate them

	   identity federation and abac together because it had been recommended;

	 looking at issues w cloud providers; not seen swaas that allows external
	  using cloud security brokers: also haven't seen "abac + big data"
	  questions about integration w bigdatabases

	1st build abac + identity fed

	2nd builds: not committing to fed again.

	rich: so basically going to do abac w/o fed (single security domain),
         and analyze w/o additional complexity from federation,
	 which is essentially an "after the fact integration of attrs" from different security domains.


	hal: time to get on to additional discussion items: either extend mtg or
	 continue @ next xacml tc mtg;

	martin: scoped question: reference impl to use for partner endpoint testing?
	 is that kind of thing NCCoE can do?

	bill: probably not, because the charter of the org is to put together ref impls,
	 but not commit to standing those up as integration/certification modules;

	hal: forgerock has opensource, also apache is in process of doing OpenAz

	sudhi: conformance testing facilities?

	hal: currently very limited in xacml; there is conformance test suite, but
	 primarily been used by pdp implementers as opposed to user-oriented


	hal: discussion will continue next mtg: apr 14

	meeting adjourned: 5:37 PM EDT



    Possible post-presentation discussion topics For Thursday:

     Broader Technology Participation in NCCoE: hal
      https://lists.oasis-open.org/archives/xacml/201603/msg00008.html

     The Attribute Problem
      https://lists.oasis-open.org/archives/xacml/201603/msg00009.html

     ABAC Performance
      https://lists.oasis-open.org/archives/xacml/201603/msg00010.html

     Policy Authoring
      https://lists.oasis-open.org/archives/xacml/201603/msg00014.html
      https://lists.oasis-open.org/archives/xacml/201603/msg00012.html
      https://lists.oasis-open.org/archives/xacml/201603/msg00011.html

     Policy Audit
      https://lists.oasis-open.org/archives/xacml/201603/msg00013.html

     XACML and OAuth
      https://lists.oasis-open.org/archives/xacml/201603/msg00015.html

     ABAC and big data
      https://lists.oasis-open.org/archives/xacml/201603/msg00017.html
      https://lists.oasis-open.org/archives/xacml/201603/msg00016.html




III. Issues

  Potential topics for introductory articles about XACML
   (discussed @last mtg: list of topics is attached to the email)
    https://lists.oasis-open.org/archives/xacml/201603/msg00004.html



