OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes 13 March TC Meeting

Time: 4:30 PM EST (-0400 GMT)
Tel: 1-712-775-7031

Minutes for 13 April 2017 TC Meeting

I. Roll Call & Minutes
 Attendance
 Voting Members
  Hal Lockhart (Co-Chair)
  Bill Parducci (Co-Chair)
  Rich Levinson
  Steven Legg
  Martin Smith
  Mohammad Jafari

 Members
  David Brossard

 Quorum: YES. 5 of 7 (71%) 

 Approve Minutes 30 March 2017
  APPROVED
  
II. Administrivia
  Hal: Richard Hill has notified me that he will no longer be able to participate in the
  TC.

  David:
   I co-presented and published an ACM paper on how to implement ABAC / XACML. It may be
   found here:
   http://dl.acm.org/citation.cfm?id=3041051

III. Issues
 Errata Status
  Hal:
   I am going to walk through the document that I posted to the list:
   https://lists.oasis-open.org/archives/xacml/201704/msg00001.html
   
   The TC is encouraged to review and discuss the proposed actions before the next meeting.

 HL7 (Compound Attributes)
  David:
   I am interested if the TC has members interacting with the work on HL7...?
  Mohammad:
   I have. HL7 namespace health specific attributes are interoperable with XACML
  Hal:
   Attributes, not types?
  Mohammad:
   Some of the attributes are of type HL7 descriptor. Is this done in the context of XSPA?
  David:
   I don't believe so.
  Hal:
   If that's the case, it would be interesting to learn about it. There is a precedence 
   for this type of model with Geo XACML, requiring a custom set of functions to consume.
  Mohammad:
   I have been involved in some discussions on how to create flat attributes from compound
   domain specific types. Perhaps we should explore an normative way to accommodate 
   complex attributes? 
  Steven:
   Entities Profile allows you to process complex attribute types in XACML.
  Martin:
   Doesn't this create a problem delivering them in SAML?
  Hal:
   If these are complex XML types, they should be able to be passed around.
  Mohammad:
   It's not that it's non-standard, it's that there were no known implementations of 
   handling complex attributes types.
  Hal:
    This should distill down to PDP support.
  Mohammad:
    I am not sure compressing complex attributes to XML strings will always lead to a 
    deterministic result.
  Hal:
    For the record the most common implementation of SAML is SSO, without attributes. Any 
    work with attributes and SAML is a 1% of implementations domain.

 Break the Glass
  Martin:
   There is a lot of interest in the Break the Glass scenario.
  Hal:
   We explored this years ago without resolution. There were some issues surrounding 
   Obligations initiated via Undetermined responses if I recall.
  Martin:
   It seems like the solution should be fairly straightforward.
  Bill:
   A draft document was posted by David Chadwick on the XACML email list:
   https://lists.oasis-open.org/archives/xacml/201102/doc00000.doc

meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]