[xacml] XACML May 30, 2002 Minutes

[Ken Yagen <kyagen@crosslogix.com>]

Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, May 30, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998

 

Minutes of Meeting

 

Summary

After a review of the action items, discussions focused on the Rights Language TC. Hal and Carlisle both attended the F2F and conference call. The group appears to be dominated by ContentGuard and Microsoft, although participants from a half dozen other companies were present. XrML was accepted as a submission with some reservations. Hal and Carlisle see a large overlap of this standard and XACML with the main difference being terminology and this could threaten XACML's viability. Hal has agreed to put together a list of XACML work that could enhance the Rights Language standard. Carlisle encouraged other XACML TC members to review the minutes of the F2F and get involved to support XACML's position. There also seem to be a large number of IP/Patent issues arising around Rights Language standardization.

The subcommittee updates were skipped because of missing participants or no progress has been made. TC member input is needed to update the issues list and close existing issues and update new ones. A vote was held to change the meeting frequency to speed up the process. The meetings will now be held weekly, rather than biweekly with the next meeting on 6/6.The results of the F2F vote was to have it on 6/20 - 6/21 in LA. Carlisle will poll to see who can attend that meeting to determine if we will have sufficient quorum and input.

 

Action Items

1. TC to approve minutes of 5/16 at the next TC Call
2. Ernesto and Anne to provide non-normative examples of policy signatures
3. Carlisle to query Karl Best regarding IBM IP Statement
4. Michiharu to query IBM IP regarding time estimate for responding to OASIS
5. All - submit any issues related to SAML changes to issues list (no deadline assigned but SSTC is putting together a work list right now)
6. Michiharu to submit example app before 6/3 Schema call
7. Anne to submit single, more concise example by 6/13 TC Call
8. Ken to issue next version of issues list before 6/13 provided input from TC (see next issue)
9. All - review issues list and submit resolutions for issues that have been resolved by the TC or proposed resolutions for issues you believe can be closed. Also, provide any information on new issues not included in the list.
10. James to work on section 10 of S&P spec over next few weeks (6/13?)
11. Carlisle - Will put out an email with a proposed date and time of next F2F and finalize on next weeks TC Call.

 

Action Items on Hold

12. Hal to take over section 6 of specification (on hold until XrML issue resolved)
13. XACML primer from Hal and Konstantin (on hold until clean up context issue. Due Date is 6/13)

 

 

Votes

Voted to move TC calls to weekly basis at the current time and format (10 AM EDT, 1 hour)

 

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review
10:05-10:10 Vote to accept minutes of May 16 meeting (postpone to next TC call?)
10:10-10:20 Review of Action Items (see 5/16 minutes)
10:20-10:25 Summary of Rights Language TC meetings (Hal, Carlisle)
10:25-10:40 Report of Schema Sub-Committee (Ernesto)
                  Security & Privacy Considerations (James/Polar)
                  Conformance (Ken/Polar)
10:40-10:50 Discussion of Overall Status (Ken) (in particular, are items on the issues list getting closed?  are we progressing toward Sept. 1st?)
10:50-11:00 Discussion of next face-to-face meeting:  date; place (Carlisle)

 

Roll Call

James MacLean, Affinitex

Simon Godik, Self

Ken Yagen, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Tim Moses, Entrust

Don Flinn, Hitachi

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Bill Parducci, Self

Polar Humenn, Self

Anne Anderson, Sun Microsystems

 

Raw Minutes (taken by Ken Yagen)

10:05 Roll Call - quorum achieved

 

10:09 Agenda Review

Anne - propose extend Thursday call to weekly call

Carlisle - SAML did a similar thing. Will add an item to end of agenda to discuss expanding frequency or length

 

10:10 Accept Minutes of 5/16 Meeting - Posted late yesterday so will postpone for next call

 

10:11 Action items from last meeting

1. Ernesto and Anne to provide non-normative examples of policy signatures

Anne - Ernesto emailed he is working on that

2. Statement from IBM w/r to IP for XACML

Carlisle - Karl Best pursuing, will give him another prod. Looking for similar statement as given ebXML policy. Would like to see a similar statement for XACML.

Michiharu - already asked IP but no official answer yet

Carlisle - If not a statement, a time estimate

Hal - expected will get entangled with Rights Language IP

3. Ernesto to post to list W3C work regarding capability for signing at the element level

Anne - similar to action item 1

4. Simon write example of rules with proposed structure

Simon - completed and posted to list

5. Extend context principal to cover J2ee semantic

Anne - Posted and discussed

6. Talk to SAML to extend schema to cover obligations and etc

Still collecting stuff for SAML and will submit when have a complete list. SAML is creating work items for next version of SAML.

Anne - encouraging people to get issues into issue list under SAML section

Carlisle - if you can think of any changes to SAML 1.0, should collect into issues list under SAML section. Should be done fairly soon.

Anne - would be happy to discuss them with Eve Maler and submit through her at a SAML meeting.

Ken - would like to get the next version of issues list out so please send issues to me or post to list in the next week.

7. Hal to take over section 6 of spec

Hal - put on hold for moment while addressing rights management

Carlisle - any disappearing because of context discussions?

Hal - don't think so

8. XACML primer from Hal and Konstantin.

Assume on hold until clean up context discussion. Date is 6/13

9. Michiharu and Anne update descriptions for example applications

Michiharu - just started to make example. Should finish up by next Monday and will try to post before 6/3

Anne - context principal is the biggest area where there is a problem. Group is reviewing proposals and looking for best approach. May come up with a single more concise example by next TC Con Call (6/13)

10. Michiharu to post description of patent.

Carlisle - Have given verbal and pointer to patent number. Possible to translate the application or claims?

Michiharu - English version is available and posted doc number to list. You can access English version of patent.

Carlisle - application number, not issued patent, so can it be viewed? Email 5/3 gave application number, filing date and publishing date. Did not think you can view by app number?

Hal - Some applications under NDA, but if not, then you should be able to access them.

Anne - description of areas that would be impacted. As far as I'm aware, obligations is the area impacted.

Carlisle - anyone who implements XACML needs to make that decision for themselves.

11. Next F2F - on agenda

12. Issues list - on agenda

 

10:25 Rights Language TC

Carlisle and Hal both attended F2F and TC Call

Hal - Meeting was at ContentGuard in Maryland. ContentGuard, Microsoft and half-dozen others. Number were involved in DRM standardization for a long time. Two view expressed. If everyone clings to IP in this area (ContentGuard, InterTrust, IBM) effort to standardize will be a failure. If the process looks like a rubber stamp of XrML or controlled by MS won't be accepted broadly. Group agreed to accept ContentGuard submission and roughed out a schedule. Desire to do rapidly to accommodate needs of MPEG committee. IBM participant is the chair of the MPEG committee. Large number of other organizations interested in a standard in this area. Carlisle and I are convinced substantial overlap that don't see how they can go forward independently. Work done to make XACML work in certain environments could be lost if no one ends up using XACML. They are too similar to divide usage. Many situations there is implied copyright so it is a DRM issue and therefore falls under their definition. Point 1 - Seems likely whatever we do, the issues around the patents are going to interfere. Point 2 - Don't see how these activities can proceed independently and produce two specs. We are very robust and Rights Language has specific features for DRM world.

Carlisle - minutes were circulated so recommend people look at the minutes.

Hal - They mentioned idea of OASIS TC owns the base specification and groups would build on top of that in layers for specific areas of interest. Like MPEG and TB Anytime building on top of each other. One item is to propose a governance scheme that would say between TC and MPEG, who owns what and how to things get changed.

Carlisle - ContentGuard and MS had half the people there. Some others present were quite vocal for open review and input and clearing up patent issue. XACML has allies in that group. Strongly encourage XACML members join up and act in XACML's interest.

Hal - Possible that battle over patents could stalemate the TC from making progress but suspect in that case we will have to deal with same IP issues.

Tim - Agree with assessment that Authorization and Access Control are indistinguishable from Rights Management but in minds of lay people there is a distinction. Separate in peoples minds the differences.

Hal - If that group produces a spec, MS might decide that's how they will do access control in web services.

Tim - Are we insulated since we have a lineage of use of XACML like in some of the participating companies.

Tim - TNI - Trusted Network Interpretation of Rainbow Series

Hal - Many companies don't have deep pockets to litigate over this.

Bill - IBM has IP so they may challenge or agree to Rights Language over web services.

Hal - Intend to pursue if there is a sensible way to take our features which are absent from XrML and propose a way to combine the two specifications. They are remarkably similar but different terminology (right vs action). Promised to write up list of differences.

Don - Have you looked at actual patents?

Anne - Legal counsel said it would cost $15K to have someone look at patents

Hal - Spoke with Bob Blakely about these issues. He said IBM's understanding, that their current rights product does not infringe on ContentGuard's patents and would stick with that in face of a standard's specification that required use of patents.

Carlisle - were a few people in room that had not heard of XACML and were interested in reviewing our specs. Asked ContentGuard for statement on patent application to XACML (required to via OASIS membership)

James - We've done some work with Intertrust so I could query them for assessment on IP in relation to XACML.

Hal - Intertrust has multiple patents but did not get impression participated in XrML in any form.

James - InterTrust is in process of suing MS over infringement of patents.

Anne - could we gain any protection if we sited prior work that was before application date of ContentGuard?

Hal - Useful information but has not legal protection.

Tim - Suggestion that people are aware of preexisting technologies, think about it in relation to ContentGuard patents and post those to list if becomes clear that it is useful.

 

10:55 Report of Schema Subcommittee

Ernesto not on call

 

10:55 Security and Privacy Considerations.

James - over next few weeks can work on section 10

Polar - Cannot work on any of these over next month. (S&P or Conformance)

 

Issues list - action item for everyone to review issues list 7 and send information to Ken on what we have closed or discussed.

 

10:59 - Suggestion we increase length or frequency. 2 hours or every week.

Hal - shortens cycle to get things approved.

Ken - will help to get action items completed.

Hal - have a separate meeting if any specific items.

Anne - Motion to move TC Membership calls to be weekly at same time slot.

Hal - Time limit for change?

Carlisle - No

Motion was accepted. Next call will be next Thursday 6/6.

 

11:01 Next F2F

Carlisle - votes are in - 5 Boston, 5 Ottawa, 7 LA. Few said either, 3 20/21, 1 for 19/20. Via majority, LA for 6/21 and 6/22.

Anne - Does that mean only 7 will attend?

Hal - what's the agenda? Some work could be done by a small group but broad issues would need more participants.

Anne - Can we move towards a model where people are submitting actual changes to specification so we can resolve those rather than discussing back and forth.

Carlisle - So is the suggestion we don't need a F2F at all.

Simon - Taking into account XrML under pressure to complete work. I was thinking F2F would be to stamp the schema.

Anne - agree but only if sufficient people to advance agreement.

Ken - Poll on the list of who will be attending LA 6/20 and 6/21.

Carlisle - Will put out an email with a proposed date and time and finalize next week TC Call.

11:10 Motion to adjourn