Subject: [xacml] XACML October 3, 2002 Minutes
XACML TC General Body Meeting Minutes
3 October 2002; Time: 10:00 AM EDT

Present: Anne Anderson (scribe), Bill Parducci, Carlisle Adams,
Hal Lockhart, Michiharu Kudo, Tim Moses, Simon Godik, Don Flinn,
Daniel Engovatov. Quorum.

-Postpone approval of minutes from 26 Sept 2002 until next meeting
 since people have not had time to read.
-Action items from 26 Sept 2002 minutes are all post 1.0, so we did
 not go over them.
-Discussion of how to clean up final edit changes to the document.
 Decision to schedule an editing session. See SCHEDULE below.

OUTSTANDING CHANGE REQUESTS
===========================

APPROVED 64-67, 70-71. The subcommittee had recommended approval for
all of these, and this was a quorum vote to confirm that.

68. Discussion
    -Agreed that supporting multiple identities per subject entity is
     important. Hal and Anne have use cases.
    -Need to match attributes with the authn-method, so can say "User
     must have been issued a manager group attribute to her x500Name
     identity"
    -Need examples, use cases.
    -SubjectAttributeDesignator is ALWAYS under a function, so it can
     pick up its implied Datatype from the function.
     SubjectAttributeDesignator will ONLY select elements of the
     function's
    -Attribute not associated with particular ID, but can be associated
     with a particular issuer.
    APPROVED: Put Datatype back into context.
    APPROVED: Put subject-category as optional xml attribute in
     SubjectAttributeDesignator

74. Discussion
    APPROVED: Put Datatype back into Policy also.
    -If Datatype says "xs:integer", but Function is "string-match",
     what happens? OK if conversion is allowed.
    -Michiharu: every type can be converted to string.
    APPROVED. Say "If string is of the format required by a datatype,
     then it can be converted to that datatype." Also XPATH specifies
     promotions for certain numeric datatypes. "Every type can be
     converted to string."
    APPROVED: Datatype has default "xs:string".

69: REJECTED. See #68 and #74.

72. REJECTED. See #68.

73. keyInfo-match function? Very complex match function.
    REJECTED. Add text to Appendix A saying: use XPATH and
     AttributeSelector to match on this for 1.0. We could define
     specific attributes for elements in the KeyInfo in the future.
     Add text to Context Handler description 2.9 line 500, saying, for
     SAML, attributes have been supplied for flattening SAML structure.
    ACTION [MICHIHARU]: send sentence for Context Handler to Tim.
    ACTION [ANNE]: send description of how to handle KeyInfo to Tim.
     Write for the Functions Appendix A.3 Structured Types.

SCHEDULE
========

-Carlisle will be out of the country next week. Will try to call in
 Thursday, but no guarantees. Hal will chair on Monday and Thursday if
 Tim is not there.
-Tim will be out Tuesday pm - Friday.
-Appendix B needs description of dateTime format. Discuss on Monday.
-How to handle reference to LDAP attribute? How does a PAP know that a
 particular attribute should be used in a particular way? Discuss
 Monday.

ACTION [Simon]: Sections 5 and 6 by Monday afternoon.
ACTION [Tim]: will get 1.0 out on Tuesday. No change bars.
ACTION [ALL] e-mail itemized changes if you can't call in Monday.

-Mon 9 Oct: editing session during the 2-hour meeting. READ SPEC V17
 AHEAD OF TIME. Have your list of changes marked up already. Go
 through line by line with people supplying necessary changes. ONLY if
 you can't make the phone call, send editing changes to the mailing
 list, giving for EACH change: line#, Section #, Section Title,
 Paragraph# within Section.
-Tues 8 Oct: 1.0 comes out
-Thur 10 Oct: Vote on SC
-Thur 10 Oct: Hal forwards SC to Karl Best to start 30-day review
 process.

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692