OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Minutes of 23 Jan 2003 conference call

Minutes of XACML TC Conference Call Jan. 23, 2003
Taken by Anne Anderson

1. Roll call and approval of previous minutes.

   Present: Anne Anderson, Steve Anderson, Carlisle Adams,
   Michiharu Kudo, Bill Parducci, Simon Godik.

   Regrets: Tim Moses, Hal Lockhart.

   Did not have quorum, so did not approve previous minutes.

   Ken Yagen has asked for a one-month leave of absence.

2. Michiharu: report on XACML's position in Web Services Security

   Did not have time to go through all the specifications.
   Personal opinion is XACML is related to WS-Trust,
   WS-PolicyAttachments, and WS-Authorization.

   PolicyAttachments description of policy is similar to XACML,
   but there are many differences.  XACML is focused on access
   control policy, but WS-Policy is not.

   WS-Trust has good relationship with XACML, because it returns
   security tokens in response to token request, so this is like
   XACML Request, Response.  WS-Trust has no text saying XACML
   interface can be used, but it would be possible.  The
   authorization assertion (A can access B, in a decision saying
   PDP returns Permit) could be a token.  Use case: XACML used as
   back of WS-Trust server to generate generic XACML response
   context as a security token.

   WS-Authorization: Michiharu has no information about this
   specification or what it means.  XACML might be one instance
   of WS-Authorization, but it may not.  No one actively working
   on this specification and no time frame that Michiharu has
   heard of.

   Carlisle asked about WS-Privacy.  Michiharu says this
   specification is not available on the web site, so he can't
   say anything about it.  Someone is working on this

   Simon asked about new TC that will look at IBM's WS Security
   specifications (WS-Policy, or whole suite), taking XACML (and
   other things) into account.  Simon understands there is such a
   TC forming, or might be a section in WS Security Framework.
   Discussed at last WS Security conference call.  Tim Moses
   brought it up, and got assurances from Microsoft and IBM that
   they will be open to input of people such as XACML
   participants for completion of authorization standards within
   the WS Security framework.

3. Anne: XACML Digital Signature Profile status.

   First draft issued to XACML mailing list.

   Anne will be issuing a new version of the profile
   incorporating comments received internally.

   Simon: look at the SAML Recommendations for using Digital
   Signature.  Need to say why certain transforms used in SAML
   and not in XACML.

   ACTION ITEM: [Anne] look at SAML DSig profile and use it to
   update and re-issue the XACML profile.  Explain any
   differences between the SAML recommendations and those in

4. Simon: report on Errata

   Has been tracking comments coming in, but nothing we need to
   discuss on this call.

   There will be an Errata document maintained on the XACML web
   site containing errors in the XACML 1.0 Specification.  Will
   contain anything we can't change in the 1.0 document as part
   of final standardization edit.

5. Carlisle: Status of XACML voting so far.

   30 Yes, 3 abstain (Microsoft, Authentica, I-Many), 1 No (Ram
   Kumar, MSI Business Solutions, due to IPR issues not clear).
   About 300 members, so a few more Yes votes (and no 

Next conference call will be Feb. 6., 10am EST, 512-225-3050
access code 65998.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC