[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 25 May 2017 TC Meeting
Time: 4:30 PM EST (-0400 GMT) Tel: 1-712-775-7031 Access Code: 620-103-760 Minutes for 25 May 2017 TC Meeting I. Roll Call & Minutes Attendance: Steven Legg Rich Levinson Hal Lockhart Bill Parducci Martin Smith bill: we have quorum Approve Minutes for 11 May 2017 https://lists.oasis-open.org/archives/xacml/201705/msg00002.html hal: any obj unan? none heard: minutes approved: II. Administrivia No open administrative issues outstanding. III. Issues Errata Status: Vote approved last mtg for tc-admin to initiate 15-day public review: action was to notify tc-admin (see minutes above) request in jira is 2585, not yet assigned hal published comment resolution log: https://lists.oasis-open.org/archives/xacml/201705/msg00006.html Consider ideas for making xacml more visible publicly: (things seem to have been down-played in wake of json/xml controversy) (for ref: here are some of the json issues that have been swept under rug: http://seriot.ch/parsing_json.php) hal: json spec + alfa is json-like, but probably more robust wrt rep xacml rich: would like to here from david more based on his email ref'd below. martin: impediment: policy based access control: if then else examples in the xacml docs, also done, then below is xml until we get to point that people can represent policy in if-then-else and relate that to xacml logic; hal: most of xacml is turing complete, xacml is logic and can be resolved. subject to analysis; style of idioms needs to be learned. martin: tools haven't bridged gap of hal: oauth scope is like a policy: action,resource; can construct equivalent xacml rep of that; incl wildcarding, compact notation; rich: maybe look at policies from the perspective of questions to ask about policies for example "who as access to a specific resource". martin: natural language words on a page hal: wiggle-room is what makes democracy work (i.e. flexibility in interpretation of a set of rules) martin: strength of xacml is very large policies "can" be written and be solid. hal: amzn's policy lang is json-like rep of xacml Follow-up emails: david: https://lists.oasis-open.org/archives/xacml/201705/msg00003.html martin: https://lists.oasis-open.org/archives/xacml/201705/msg00004.html rich: https://lists.oasis-open.org/archives/xacml/201705/msg00005.html + additional ref to hi-level arch of oauth/xacml: http://svn.code.sf.net/p/openaz/code/branches/RB-1.2/openaz/test/doc/test/OAuthSimulator.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]