

Subject: [xacml] Minutes of TC meeting 19 Sep 2002



Minutes
Meeting: XACML TC
Date: 19 Sep 2002

Present: Carlisle Adams, Anne Anderson, Michiharu Kudo, Hal Lockhart, Simon Godik, Tim Moses, Polar Humenn, Steve Anderson

Note: the meeting achieved quorum

Agenda

See ...

http://lists.oasis-open.org/archives/xacml/200209/msg00121.html

Additions to the agenda

Simon Godik requested an agenda item to discuss the rule evaluation truth table.

Acceptance of minutes

The minutes of the TC meeting on Sep 12th were accepted.  See ...

http://lists.oasis-open.org/archives/xacml/200209/msg00090.html

OASIS procedure

Carlisle Adams briefed the meeting on recent changes to the OASIS procedure. OASIS recently distributed a note explaining changes in their procedures.  The note described some minor procedural changes, and assigned action items to TC chairs concerning keeping their membership lists current. 

More significantly, the OASIS acceptance procedure for a standard now includes a mandatory public review period of at least 30 days.  If this results in changes, then a further public review period is required following implementation of the changes.  A committee spec may then be submitted to OASIS for consideration as an OASIS standard on the 15th of any month.  Karl Best will then take no more than 15 days to ensure the submission is complete.  This is followed by a 30-day period for familiarization and voting by OASIS members.  Hal Lockhart said that it is currently unclear under what circumstances a specification change must result in a new public review period; further clarification is required.

Carlisle said that the earliest possible date for submission of the XACML committee specification to OASIS is Nov 15th.

Action items

The meeting then reviewed the outstanding action items
1. Anne Anderson to update change request list - done
2. Michiharu Kudo to complete XPath specification - ongoing
3. TC to vote on the new wording of the charter - voted to approve
4. Anne Anderson to get comments to Tim Moses on the use of LDAP to store policies - ongoing
5. Anne Anderson to update the digital signature profile - ongoing
6. Anne Anderson to send a request to SAML for changes based on the XACML context - ongoing
7. Tim Moses to make a separate document for the SAML profile - ongoing
8. Hal Lockhart and Konstantin Beznosov to produce an XACML primer - ongoing (Konstantin has circulated an outline)
9. Polar Humenn and Michiharu Kudo to post a summary of their proposal on the topic of "higher-order" functions - ongoing
10. Simon Godik to post the updated schema - done (but a newer version is expected today; this will be version 16j)
11. Polar Humenn to post his proposal for using "higher-order" functions - ongoing

New issues

1. Simon Godik raised the question of the rule evaluation truth table for the case in which the target is indeterminate.  Polar Humenn has already posted a proposed solution

http://lists.oasis-open.org/archives/xacml/200208/msg00188.html

and

http://lists.oasis-open.org/archives/xacml/200208/msg00189.html

It was asked why we don't have a similar truth table for policy.  Carlisle Adams offered to create this.  Tim Moses mentioned that the relevant section in the specification (4.3.1.4) is being moved to Section 5.

2. Simon Godik asked about the status of change requests #32 and #39.  It was confirmed that these changes have been approved.

3. Simon Godik requested the addition of a DataType XML attribute  to the AttributeDesignator element, to be consistent with the contents of the AttributeValue element.  Discussion was deferred until the following sub-committee meeting (immediately following this TC meeting).

Functions specification draft

There followed a discussion of the proposed list of XACML functions.  It has been identified that matching functions may be used in target and in the subject attribute part of conditions.  These functions may also be used in dealing with "bag" type functions.  In all these cases, XACML syntax allows only one function to be specified for matching purposes.  Therefore, the full set of inequality operations cannot be produced by combining a not operation with the complement of the desired operation.  For this reason we seem to have to be able to specify all inequalities as single operations.

Because targets identify discrete points, there should be no reason to use inequalities in this part.  But, the other uses, listed above, may require inequalities.

It is known that Daniel Engovatov holds strong views on this topic.  But, he was not able to participate in this meeting.  The meeting, therefore, carefully reviewed his submission in ...

http://lists.oasis-open.org/archives/xacml/200209/msg00138.html

A motion was made: "Approve version 0.11 of the "function" spec with two changes
1) equality and matching functions are the only ones allowed in target, and
2) expand the set of functions to include all inequality operators for use in the subject match condition".
The motion was approved by the TC.

Michiharu Kudo asked whether a regular expression match would be permitted in target.  Polar Humenn said "Yes".  He also asked whether the RFC822 name match was permissible in target.  Carlisle Adams said "Yes".

XACML token submission to WSS

Tim Moses gave a summary of the discussion at the WSS face-to-face meeting on policy token attachment to SOAP messages.  Simon Godik said that attaching decision assertions is more important than attaching a policy.  An XACML policy could be in a SAML decision assertion.  An XrML license is essentially a decision assertion.  Given our priorities, it was decided that the XACML TC may provide the WSS TC with an application note explaining how XACML can be included in SAML for use with SOAP, and explaining its significance for the SOAP body.  But, this will not be addressed immediately.

The TC meeting was closed at this point.

The sub-committee convened.

1. The sub-committee returned to the discussion of the use of the DataType XML attribute in the AttributeDesignator element.  After much discussion a vote was held on the motion to make the DataType XML attribute mandatory in the AttributeDesignator element.  Result:

for - 1
against - 2
abstain - 2

Simon Godik withdrew his suggestion.  He will also delete the DataType XML attribute in the AttributeValue element in the next version of the schema.

2. Michiharu Kudo, in his message:

http://lists.oasis-open.org/archives/xacml/200209/msg00140.html

proposed the addition of two new functions for processing XPath values. 
It was agreed.  Polar Humenn asked Michiharu to provide references to the function definitions.

The sub-committee closed at this point.

-----------------------------------------
Tim Moses
Tel: 613.270.3183


