OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 25 May 2017 TC Meeting

Time: 4:30 PM EST (-0400 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Minutes for 25 May 2017 TC Meeting

I. Roll Call & Minutes

Attendance:

Steven Legg
Rich Levinson
Hal Lockhart
Bill Parducci
Martin Smith

    bill: we have quorum


 Approve Minutes for 11 May 2017
  https://lists.oasis-open.org/archives/xacml/201705/msg00002.html

   hal: any obj unan? none heard:
    minutes approved:


II. Administrivia
  No open administrative issues outstanding.


III. Issues

 Errata Status:
  Vote approved last mtg for tc-admin to initiate 15-day public review:
   action was to notify tc-admin (see minutes above)

    request in jira is 2585, not yet assigned

  hal published comment resolution log:
    https://lists.oasis-open.org/archives/xacml/201705/msg00006.html


 Consider ideas for making xacml more visible publicly:
  (things seem to have been down-played in wake of json/xml controversy)
   (for ref: here are some of the json issues that have been swept under rug:
     http://seriot.ch/parsing_json.php)

	hal: json spec + alfa is json-like, but probably more robust wrt rep xacml
	rich: would like to here from david more based on his email ref'd below.

	martin: impediment: policy based access control: if then else examples
	 in the xacml docs, also done, then below is xml
	 until we get to point that people can represent policy in if-then-else
	  and relate that to xacml logic;

	hal: most of xacml is turing complete, xacml is logic and can be resolved.
	 subject to analysis; style of idioms needs to be learned.

	martin: tools haven't bridged gap of

	hal: oauth scope is like a policy: action,resource; can construct equivalent
	 xacml rep of that; incl wildcarding, compact notation;

	rich: maybe look at policies from the perspective of questions to ask about
	 policies for example "who as access to a specific resource".

	martin: natural language words on a page

	hal: wiggle-room is what makes democracy work (i.e. flexibility in interpretation
	 of a set of rules)

	martin: strength of xacml is very large policies "can" be written and be solid.

	hal: amzn's policy lang is json-like rep of xacml


  Follow-up emails:
    david:
	https://lists.oasis-open.org/archives/xacml/201705/msg00003.html
    martin:
	https://lists.oasis-open.org/archives/xacml/201705/msg00004.html
    rich:
	https://lists.oasis-open.org/archives/xacml/201705/msg00005.html
     + additional ref to hi-level arch of oauth/xacml:
	http://svn.code.sf.net/p/openaz/code/branches/RB-1.2/openaz/test/doc/test/OAuthSimulator.html

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]