[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Minutes for 25 May 2017 TC Meeting
Time: 4:30 PM EST (-0400 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760
Minutes for 25 May 2017 TC Meeting
I. Roll Call & Minutes
Attendance:
Steven Legg
Rich Levinson
Hal Lockhart
Bill Parducci
Martin Smith
bill: we have quorum
Approve Minutes for 11 May 2017
https://lists.oasis-open.org/archives/xacml/201705/msg00002. html
hal: any obj unan? none heard:
minutes approved:
II. Administrivia
No open administrative issues outstanding.
III. Issues
Errata Status:
Vote approved last mtg for tc-admin to initiate 15-day public review:
action was to notify tc-admin (see minutes above)
request in jira is 2585, not yet assigned
hal published comment resolution log:
https://lists.oasis-open.org/archives/xacml/201705/msg00006. html
Consider ideas for making xacml more visible publicly:
(things seem to have been down-played in wake of json/xml controversy)
(for ref: here are some of the json issues that have been swept under rug:
http://seriot.ch/parsing_json.php )
hal: json spec + alfa is json-like, but probably more robust wrt rep xacml
rich: would like to here from david more based on his email ref'd below.
martin: impediment: policy based access control: if then else examples
in the xacml docs, also done, then below is xml
until we get to point that people can represent policy in if-then-else
and relate that to xacml logic;
hal: most of xacml is turing complete, xacml is logic and can be resolved.
subject to analysis; style of idioms needs to be learned.
martin: tools haven't bridged gap of
hal: oauth scope is like a policy: action,resource; can construct equivalent
xacml rep of that; incl wildcarding, compact notation;
rich: maybe look at policies from the perspective of questions to ask about
policies for example "who as access to a specific resource".
martin: natural language words on a page
hal: wiggle-room is what makes democracy work (i.e. flexibility in interpretation
of a set of rules)
martin: strength of xacml is very large policies "can" be written and be solid.
hal: amzn's policy lang is json-like rep of xacml
Follow-up emails:
david:
https://lists.oasis-open.org/archives/xacml/201705/msg00003. html
martin:
https://lists.oasis-open.org/archives/xacml/201705/msg00004. html
rich:
https://lists.oasis-open.org/archives/xacml/201705/msg00005. html
+ additional ref to hi-level arch of oauth/xacml:
http://svn.code.sf.net/p/openaz/code/branches/RB-1.2/openaz/ test/doc/test/OAuthSimulator. html
------------------------------------------------------------ ---------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_work groups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]