
Subject: [xacml] XACML August 29, 2002 Minutes


Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, August 29, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998

 

Summary

Reviewed action items and all requested items were complete. Made progress on the XACML primer by setting a date to put together an outline of topics and asked for committee input. Discussed the issues list for technical changes. See voting section for results. Also, there will be no subcommittee meeting on Monday because of the holiday. Scheduling was also discussed and the 9/1 approval date of spec has been moved back to either 9/12 or 10/1 depending on how fast we can make progress on issues around function specifications.

 

Action Items

  1. [All] Propose posting proposed solutions to list and table until next TC call. (Ongoing)
  2. [Tim] incorporate SAML split (delete) and editorial changes into a version 17 of the spec by Tuesday 8/27 (Partially complete)
  3. [TC] Vote on new wording of charter proposed by Hal
  4. [Michiharu] convert XSLT to minimal for used for conformance cases (Lower Priority - by 9/5)
  5. [Hal/Konstantin] XACML outline of contents to be proposed by 9/5
  6. [Polar, Anne, others] Post use cases for arguments regarding issue 0007, Make request context Resource Attribute (and Subject) minoccurs=1
  7. [Anne (RFC and X.500) and Michiharu (XPath)] post pointers to function specifications of these to the list based off 0.8 document posted by Polar on 8/27
  8. [Anne, mid-Sept 2002] Get comments to Tim on profile for using LDAP to store policies.
  9. [Anne, mid-Sept 2002] Update XML Digital Signature profile.
  10. [Anne, mid-Sept 2002] Send proposal for SAML changes based on our Context to XACML TC list.  After TC review and modification, we will send it on to SAML.  Deadline for this is SAML's deadline for finalizing their list for 2.0.
  11. [Tim] Separate SAML document to be created in Sept (Lower Priority)
  12. [Hal/Konstantin] XACML primer needs to be completed in Sept (Lower Priority)

 

Votes

Voted to accept minutes of 8/22 meeting

The following issues were voted on and approved:

0002. [Anne] Add mandatory action-id attribute

0003. [Anne] Add optional action-namespace attribute

0004. [Anne] Add optional action:implied-action identifier

0005. [Anne] Change <Result> ResourceURI xml attribute to ResourceId

0006. [Anne] Add missing-attribute identifier for StatusCode

0010. [Anne] allow more than two arguments to "add"

0011. [Carlisle] state *Match is matched against AttributeValue

0012. [Carlisle] <AttributeSelector> in <SubjectMatch> should be [optional]

The following issues were voted on and NOT approved:

0009. [Daniel] Function naming convention

 

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review

10:05-10:10 Vote to accept minutes of August 22 concall

http://lists.oasis-open.org/archives/xacml/200208/msg00120.html

10:10-10:15 Review of Action Items (see 8/22 minutes)

10:15 - 10:55 Discussion of v0.16 technical change requests (all)

10:55 - 11:00 Discussion of schedule for Committee Spec (Carlisle)

 

Roll Call

Ken Yagen, Crosslogix

Hal Lockhart, Entegrity

Carlisle Adams, Entrust

Konstantin Beznosov, Hitachi

Michiharu Kudoh, IBM

Steve Andersen, OpenNetwork

Simon Godik, Overxeer

Bill Parducci, Overxeer

Polar Humenn, Self

Anne Anderson, Sun Microsystems

Gerald Brose, Xtradyne

 

Prospective Members

Piras Vilandai Thiyatarajan, Sun Microsystems

 

Raw Minutes (taken by Ken Yagen)

Piras Vilandai Thiyatarajan asked to become a prospective voting member

Vote to accept minutes of 8/22 call

  1. Michiharu to provide XPATH usage examples by end of day Friday 8/23

Complete

  1. Propose posting proposed solutions to list and table until next TC call.

Ongoing

  1. [Anne, mid-Sept 2002] Get comments to Tim on profile for using LDAP to store policies.
  2. [Anne, mid-Sept 2002] Update XML Digital Signature profile.
  3. [Anne, mid-Sept 2002] Send proposal for SAML changes based on our Context to XACML TC list.  After TC review and modification, we will send it on to SAML.  Deadline for this is SAML's deadline for finalizing their list for 2.0.
  4. Tim will incorporate SAML split (delete) and editorial changes into a version 17 of the spec by Tuesday 8/27

Completed most of editorial changes and split. Updated 16e published

  1. Anne volunteers to pull out outstanding change requests from current mailing list

Complete

  1. Hal to propose new wording of the last paragraph of charter before next Thursday.

Complete

  1. Michiharu to convert XSLT to minimal for used for conformance cases (Lower Priority)

Set date of next Thursday 9/5

  1. Separate SAML document to be created (Lower Priority)

Assigned to Tim, but no date set

  1. XACML primer needs to be completed in Sept (Lower Priority)

Hal and Konstantin. What might it contain? Introduction and explanation of architecture with use of XML. Motivation for the feature - the intent. Useful to put together an outline of topics or abstract. Hal suggested exchanging list of topics before next meeting. Send any thoughts on topics for primer to Hal and Konstantin. Looking to end of Sept for first draft but will discuss outline and contents in next week or two.

 

Discussion of technical changes (10:18)

From Anne's email: Initial set of Change Requests from 8/22/02. See email for rationale

0002. [Anne] Add mandatory action-id attribute

Hal - believe this was voted on previously

Anne - Defined a namespace for actions. Need an attribute for action name since everything is now attribute.

Vote to approve passed

0003. [Anne] Add optional action-namespace attribute

Vote to approve passed

0004. [Anne] Add optional action:implied-action identifier

Where resource name implies the action. Would be value of action id attribute

Vote to approve passed

0005. [Anne] Change <Result> ResourceURI xml attribute to ResourceId

XML attribute in results called ResourceURI and in request called ResourceId so change both to ResourceID

Vote to approve passed

0006. [Anne] Add missing-attribute identifier for StatusCode

Optional for PDP. Is already included in latest draft

Vote to approve passed

0007. [Anne] Make request context Resource Attribute minoccurs=1

Have to have at least ResourceId

If request does not specify ResourceId as attribute, is it a valid request? It would be an invalid request by text interpretation of schema.

Does it apply to every element? Does not apply to subject and action? Maybe that should be minoccurs=1 as well. Every request must identify the resource it is trying to gain access to. What if resource is account but don't know which account it is? Must write policy without subject id if cannot count on it being in every PDP. What if based on attribute of subject (I am a member of  manager group)? Can't write portable policy if don't know what subject information will be supplied. Maybe ResourceId doesn't have to be there but there has to be some attribute of resource? If you mandate there will be a SubjectId and ResourceId, can write a portable policy that guarantees that information will be there. If will mandate something about resource, then you must specify identifiable attribute of subject. By definition, access request must say what want to access but not anything else such as subject information. What if request access to all classified documents? Then PEP is going to be evaluating a policy.

Anne - propose postpone issue and people make a case on mailing list with use cases for either minoccurs=0 or 1 and Subject or Resource. Also, should every request come with ResourceId?

Postponed, no vote

0008. [Anne] list mandatory vs. non-mandatory functions

Oversight in the spec. Names are not correct. Were going to go for type and action function. Where do you specify them and their calculations.

Postponed, no vote

0009. [Daniel] Function naming convention

Daniel proposed underscore, text currently uses hyphen. Michiharu suggested hyphens are supported in XPath. Java/C++ do not support hyphens. Motion to continue to use dashes. When underscores displayed underlined, like in hyperlink, cannot distinguish from space.

Vote not to approve and remain with hyphens

0010. [Anne] allow more than two arguments to "add"

Already changed in function document. All other functions remain with two.

Vote to approve passed

0011. [Carlisle] state *Match is matched against AttributeValue

Spell out semantics to clarify

Vote to approve passed

0012. [Carlisle] <AttributeSelector> in <SubjectMatch> should be [optional]

Listed as required

Vote to approve passed

0013. [Carlisle] <SubjectMatch> in <SubjectAttributeDesignatorWhere> min/max

element has minOccurs=0. Now allow both, but previously not.

No vote taken

 

Nominal voting planned for 9/5 TC Call. Some members will be at another committee meeting and still issues to resolve on functions. Still some consistency issues as well (Polar). Should we set 9/12 as a goal to approve the spec?

 

At JC committee, Karl Best will propose at the mid-September OASIS board meeting to change rules. Submissions can be any month, not quarterly, and approval period will be 2 months. If approved, then we may be able to submit in October or November if ready.

 

Anne suggests beginning of October as more realistic. There are unresolved issues about function semantics and finding specifications for functions or defining them ourselves. (string, date, uri equals, string match, rfc822name match, string >=, etc)

Anne (RFC and X.500) and Michiharu (XPath) will post pointers to some of these to the list.

0.8 Document posted to list on 8/27 (Functions/Semantics) has [Needs Specification] specified where needed. Review that and add pointers.

 

Monday is a holiday. No subcommittee call will be held.


