
Subject: [xacml] XACML November 14, 2002 Minutes

Title: XACML Conference Call Minutes

XACML Conference Call

Date:  Thursday, November 14, 2002

Time: 10:00 AM EDT

Tel: 512-225-3050 Access Code: 65998



Reviewed open action items and discussed any additional announcements that should be made. Don brought up the issue of submitting a binding to WSS. It was decided to take no action unless use cases can be developed that prove a binding to be relevant. We reviewed the list of submitted change requests and resolved them.


Action Items

  1. Anne Anderson to get comments to Tim Moses on the use of LDAP to store policies by 12/13
  2. Anne Anderson to update the digital signature profile by 12/20
  3. Hal to propose XACML changes for SAML 2.0.
  4. Simon to create SAML profile document (due after finalization of spec) by 12/20
  5. Hal Lockhart to release updated XACML primer by end of week
  6. Committee chairs will coordinate publicizing of public review
  7. Anne to have preliminary updated conformance tests posted to web by tomorrow and the final updated tests will be available by 11/21.
  8. Polar to post announcement to CORBA mailing list
  9. Hal to post announcement to W3C mailing list
  10. Carlisle to post announcement to Liberty mailing list




Voted to accept 11/7 meeting minutes


Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review
10:05-10:10 Vote to accept minutes of November 7 concall
10:10-10:15 Review action items from minutes
10:15-11:00 Discussion of public comments on XACML 1.0


Roll Call


Raw Notes (taken by Ken Yagen)

Agenda Discussion

WS-Security Binding Brought Up

Will we be sending a bindings document to WS-Security? Was raised in subcommittee and not addressed. Did we agree to go with SAML binding? That would be fine if wrapped in SAML assertion (which we have not done yet). If use XACML as authorization statement in QOP (Quality of Protection) for WSDL binding. Tim is concerned that we have not considered all circumstances. What would the time deadline be for WSS to propose a binding? What are the semantics or use cases? Tim suggested privacy policy. We should come up with acceptable use cases. XRML references license in WSS header as a security token and use it as an id so they can sign the document. Some might be driven by QOP work. We should continue to think about it but unless use cases can be developed, doesn't seem likely that a binding is necessary.


Minutes of 11/7 meeting approved


Action Item Review

Anne's items in progress

Hal proposed text and schema for SAML for initial issue. Remaining changes are targeting SAML 2.0. Issuer changes require major schema change and are probably SAML 2.0 changes as well.

XACML primer still in progress. Hal hopes to have something out today

1.0 Spec generated and posted to web (word and pdf) and notice sent to Karl

Posted to PKIX, Apache XML, PKI group at Dartmouth, Shibboleth, VaTech group

Polar to post to CORBA

Regarding announcements, what is going on with the conformance tests? The ones on the web are not updated. Anne will get a preliminary set today and should be posted tomorrow. By 11/21 the full updated conformance tests will be complete.

What about posting notice to W3C? Where to post? How to target security people? Maybe XKMS? Hal will take an action item to post it. Sun is W3C member.

What about MPEG? They selected XRML but had some interest in languages in this area.

Is there any value in posting to Liberty sites? Carlisle will take the Liberty action item.


Discussion of public comments on XACML 1.0

Appendix B.1 says that two namespaces are defined, but there are three URIs there.  The URI for XACML datatypes should be removed? It's not used as a namespace, you must always spell out whole URN.

Action: No objection, will remove datatype URI


Sections A.2 (Primitive types) and B.4 (Data types) include date and dateTime, but not time. The time type is used by many functions and at least one standard attribute, and should be on those lists.

Something was edited in the B.4 section that did not make it in. Time was in the set of edits that didn't get in. Need to submit issue to xacml-issues list.

Action: Change accepted


'...element from each of the policies or policy' the word 'policy' is *half* bold.

Action: Change accepted


0003c. line 1039:

starting with line 1039 the examples are color encoded. The snippets prior to this are not. given the darkened background I think that the color makes it harder to read (and print), but either way i think that it should be consistent (sections 5 & 6 go back and forth twixt the two). this continues through [portions] of the primer.

Action: Easier to just remove color encoding


Minor edits to formatting all accepted:

0003b. line 793:

0003d. line 3278:

0003e. line 3291:

0003f. line 3385:


0003g. line 3399:

'[IBMDSA]' i thought that the IBMDSA reference was replaced with an IEEE spec throughout the doc, or was this only in a specific instance?

Action: Change accepted


0003h. line 4277:

'first argument of  Anderson@sun.com?' question mark should be quotation mark

Action: Change accepted


0003i. line 4434:

'      urn:oasis:names:tc:xacml:1.0:resource:scope' leading spaces or indentation (should be left margin aligned)

Action: Change accepted


0003j. finally, there seems to be some squooshing going on with lines 2618, 2742, 2778 in the pdf. can others confirm?

Action: Change accepted


all of the functions defined as type-* (like the type-one-and-only function) need to have a time-* version added in 10.3.8 (and maybe elsewhere, though I don't think so)

Action: Change accepted


MatchId functions used in a target take one AttributeDesignator or AttributeSelector argument, and one literal AttributeValue argument...

Action: Rejected


Section A14.5 still lists a present function. I think the decision was to remove this functionality entirely for the time being.

Action:  Accepted


0007a. 10.3.7: dayTime and yearMonth durations should read "xquery-operators" not "xquey-operaqtors"

Action:  Accepted


0008a. In draft 18f section 5.30, 5.31, and 5.32 documents the AttributeIsPresent elements, but the 18f schema doesn't contain these.

Action:  Accepted


0008b. Also, the 18f schema contains the QualifiedSubjectAttributeDesignator element, but this isn't described in the 18f draft, it first appears in the conformance tables 10.3.1

Action:  Accepted


in a number of sections in 10.3 (10.3.2, 10.3.4, 10.3.5, 10.3.6, 10.3.7) the 'u' in 'urn' has become a 'U'

Action:  Accepted


Also reviewed several additional ones that have come in since Anne published her list and accepted them.

