Subject: PRELIMINARY FIRST HALF: Minutes: 20010718 F2F #1
Well folks, I'm 2.5 hours into "formatting" the F2F notes ... I hope to complete the rest today ... but just so you don't think I'm a laggard, I figured I'd post what I've got.

Minutes of the XACML Face To Face, July 18th, 2001
Sofitel San Francisco Bay, Redwood City, California, USA

Summary

Upon query at close most participants were of the opinion the meeting was productive. The relationship of XACML to digital rights management came up several times. Use case discussions regarding health care and ebXML were fruitful, but more work is needed. The importance of distinguishing between "roles" and "groups" was uncovered. After a brief discussion of TREX, there was a binding vote to use the W3C XML Schema specification for the specification of XACML. The domain model was discussed in detail. The importance of "meta policy" to ensure predictable policy behavior across vendors was uncovered. The importance of a glossary and well defined terms was evident most of the day, e.g. the general use of the term "query" can result in confusion since there is a distinction between "querying for an access decision" and "querying for a policy specification". Clarification of scope for XACML v1.0 was pursued along with the creation of a calendar of deliverables and meeting agendas, i.e. August 1st use case submission, August 9th use case discussion, August 23rd policy model discussion, September 9th policy model proposals. These were pushed out for vote during the July 26th conference call due to lack of a quorum in the afternoon.

Raw minutes as authored by Ken Yagen and Gilbert Pilz can be found at http://lists.oasis-open.org/archives/xacml/200107/msg00033.html.

Action Items

- Post MPEG links to list - Dave Parrott (done by Thomas Hardjono)
- Explore OASIS/MPEG or ISO co-operation - Simon Blackwell
- Start list thread on roles vs. groups - Simon Blackwell (done)
- Advise TREX TC of W3C Schema vs TREX decision - Simon Blackwell
- Post presentations to list - Dave Parrott, Fred Moses, Suresh Damodaran, Pierangela Samarati (done)
- Discuss calendar on July 26th conference call - All (done)

Details

09:00 Roll Call (Ken Yagen)

9 Voting Members Present
  Ken Yagen, Crosslogix
  Fred Moses, Entitlenet
  Joe Pato, HP (Late)
  Gilbert Pilz, Jamcracker
  Jeff Hodges, Oblix
  Simon Blackwell, Psoom
  Bill Parducci, Self
  Suresh Damodaran, SterlingCommerce
  Philip Hallam-Baker, Verisign
  Tim Moses, Entrust

3 Voting Members Via Phone
  Carlisle Adams, Entrust (Voting as of this meeting)
  David Parrott, Reuters
  Michiharu Kudo, IBM

Probationary Members Present
  Sandilya Garimella, BEA
  Pierangela Samarati, U.Milan

Observers
  Gary Ellison, Sun Microsystems
  Mohnish Harisiganey, Crosslogix
  Simon Godik, Crosslogix
  Mingde Xu, Crosslogix
  Frank Chum, Psoom
  Merlin Hughes, Baltimore

09:05 Opening Remarks and Agenda Review (Simon Blackwell)

Thanks to Crosslogix (Note: it's cheaper to sponsor than it is to fly to Texas). Meeting counts towards membership, but not against. Probationary members meeting membership requirements as a result of attendance today can vote. Hence, we have a quorum.

Agenda:
  09:00-09:15 Roll call & welcome (Simon Blackwell)
  09:15-10:00 Reuter's Requirements For DRM (Dave Parrott)
  10:00-10:45 Health Care Use Cases (Fred Moses)
  10:45-11:00 Break
  11:00-11:45 DRM Use Cases (Philip Hallam-Baker/Thomas Hardjono)
  11:45-12:30 ebXML Use Cases (Suresh Damodaran)
  12:30-13:30 Un-hosted lunch
  13:30-14:15 Use Case Session 4 (Open)
  14:15-15:00 Domain Model (Gilbert Pilz)
  15:00-15:15 Break
  15:15-16:00 Entrust Preliminary Proposal (Tim Moses)
  16:00-16:45 TBD (Pierangela Samarati), XACL (Michiharu Kudo)
  16:45-17:00 Closing Remarks

Agenda accepted with no changes.

9:10 Report on Reuter's Requirements For DRM (Dave Parrott)

MPEG-21 is standardizing content protection mechanisms. See Reuter's Requirements in the document repository http://www.oasis-open.org/committees/xacml/docs/response-v1.0-public.doc and the presentation in the list archives http://lists.oasis-open.org/archives/xacml/200107/msg00026.html.

Dave Parrott clarified "obligations" as a result of questions. "Obligations" are conditions on access. They may be the set of circumstances required to allow access or the set of circumstances required post access, e.g. you must include my branding info when you display this data. "Obligations" imply no sense of temporal ordering. Obligations could have been distinguished by name between pre-conditions that must be satisfied to obtain access and post-conditions that must be satisfied after access has been granted, but they weren't.

A general discussion of the nature of MPEG ensued. MPEG-21's boundaries, like those of other work, e.g. XKMS, are not yet well defined. MPEG is part of ISO, so their activities are bounded by ISO. It is very formal and very active. It meets four times per year, plus has a large number of ad hoc meetings. Currently there is MPEG-4, MPEG-7, and MPEG-21. Requirements are solicited from the members, a request for proposal is released and final features are cherry picked. There is no formal membership relationship between MPEG and OASIS due to ISO membership requirements.

This was followed by a discussion of how to co-operate with MPEG. It was suggested we submit XACML for consideration as part of the standard. Some general uneasiness was expressed due to the size and formal nature of MPEG. Simon Blackwell said he would pursue how OASIS can co-operate with ISO/MPEG through OASIS management. Dave Parrott said he would post to the list links to MPEG-21 requirements when they are officially published. A discussion of whether or not DRM is in scope ensued and was tabled in the interest of time.

10:04 Health Care Use Cases (Fred Moses)

Slides available at http://lists.oasis-open.org/archives/xacml/200107/msg00050.html. (The link in the document archives is currently broken.)

Simon Blackwell made a point about how important medical work is. The Health Insurance Portability And Accountability Act has a lot of security provisions and is estimated to cause a $25,000,000,000 re-write of existing systems. A general discussion ensued regarding the "broken" nature of HL7's current security. This included discussion of the need for/problems with global identifiers. P3P also came up. Simon Blackwell pointed out that P3P is about publishers saying what they will do with information that is collected; it is not about enforcement of data subject preferences after data is collected.

Discussion with respect to specific slides led to these further comments:
- The fact that the HIV test occurred at all, not just its result, is a piece of information that needs to be protected.
- The frequency and type of authorization attempts is information that needs to be captured and monitored.
- The European Privacy guide speaks a lot about intent. It's not simply a matter of what you did, but what you intended to do. (Post Meeting Notes Enhancement: See http://sansone.crema.unimi.it/~samarati/Papers/sec01.ps in which Pierangela Samarati discusses the issue of intent.)
- Unless rules follow the data when the restrictions are overridden there is no way for the entity that obtained the data to comply with the restrictions. This brings us back to work that has been done in the DRM space.

A broader discussion ensued about whether "overrides" should be handled with the Authorization Model or whether they should be considered to be out-of-band and not covered in the Authorization Model. Gilbert Pilz pointed out that overrides are just "higher order" rules that contain exceptions that reference other rules. Bill Parducci asked if we need to worry about nested sub-access schemes where, for instance, the billing personnel have access to one level of information and they, in turn, grant rights to the mailing personnel for an even smaller subset of the information. Simon Blackwell pointed out this brings us back to the DRM space again with the "re-publish rights" problem. This led to discussion of whether we specify the kinds of rights and types of context parameters available or leave this open. Consensus appeared to be that we layer our specification and provide some general common set of rights but provide for its extension. SAML is doing something similar with URIs.

10:48 AM Break

11:04 AM Health Care Use Cases (continued)

A brief discussion of how to co-ordinate with HL7 ensued with no definitive result. Anyone can join HL7 and they have a very active security contingent.

11:07 DRM Use Cases (Philip Hallam-Baker)

Philip Hallam-Baker was not prepared to discuss this topic as a result of a communication error on the part of the chair, Simon Blackwell, prior to the meeting. He did comment that "DRM is completely wrong. Instead of trying to protect content they should concentrate on payment." A brief discussion of the concept "DRM" ensued, wherein it was pointed out that Reuters also finds the term somewhat misleading since it should be called "digital rights enforcement."

11:09 AM ebXML Use Cases (Suresh Damodaran)

There were no slides. A document was circulated and is now available in the repository at http://www.oasis-open.org/committees/xacml/docs/Registry-Usecase-report.doc.

Gilbert Pilz asked for clarification on the difference between Role and Group. Several opinions were voiced:
- Roles are attributes of a Principal. Groups are collections of Principals (Suresh Damodaran).
- There is no real semantic distinction between Roles and Groups (Philip Hallam-Baker).
- Groups are sets of users. Roles are sets of privileges. Roles can be activated dynamically. A user can choose to take on a Role whereas they cannot choose to be or not be a member of a Group (Pierangela Samarati).
There was agreement to continue the discussion on the list and ensure that we remain consistent with SAML.

Gilbert Pilz asked "How do you know whether a particular method requires "read" or "write" access/permission?" Suresh Damodaran responded that "read" means the "read method", "write" means the "write method". This presupposes that all objects implement methods called "read" and "write". This evolved into a somewhat confusing discussion that resulted from a lack of distinction in language between what ebXML supports for providing access controls on adding, modifying, or deleting entries in the registry versus access control on the execution of processes defined by entries in the registry. Gilbert Pilz pointed out that CORBA solves the latter by providing another level of indirection that relates the rights required to execute a given method. However, it became clear that the use cases under discussion relate to the former, i.e. access control on using the registry itself.

Philip Hallam-Baker pointed out the need for an administration use case, i.e. how does one administer policies. This resulted in a discussion of "policies about policy access". Gilbert Pilz pointed out this could create an infinite recursion. Consensus was reached that some "root" access control policy needs to be defined to prevent this. Suresh Damodaran pointed out this is part of the means by which ebXML registries can bootstrap themselves.

12:03 PM Agenda Bashing (Simon Blackwell)

Jeff Hodges: Wishes to talk about RFC 3060.
Sandilya Garimella: How does XACML apply to Web Services?
Philip Hallam-Baker: Two questions: Will XACML be specified as a Web Service? Can XACML be used to protect Web Services?
Tim Moses: At some point we have to get down to the specifics about the work to be done.
Simon Blackwell: I had hoped the sub-committees would self-define this work. However, this has not happened, so we should start to define the work items.

A comment by Simon Blackwell, "How does our work relate to the other work at OASIS? TREX et al. We will have to decide about how we wish to represent our schema: DTDs, TREX, XML Schema," led to a short discussion regarding this topic. It was pointed out that SAML uses W3C XML Schema and TREX is nowhere near a standard yet. After this there was a vote that carried with no abstentions or objections to adopt the W3C XML Schema specification for XACML use. Simon Blackwell said he would notify the TREX TC.

Suresh Damodaran: Would like to discuss RFC 2906.
Suresh Damodaran: Would like to go over the use cases and see if we can pull out any common themes.

12:20 PM Lunch