OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Minutes of February 6, 2003 meeting...

Title: Proposed Agenda February 6 Concall. QUORUM REQUIRED...

Minutes of XACML Meeting, February 6, 2003

(See agenda, included below)


Attendees:  Hal, Carlisle, Tim, Michiharu, Steve Anderson, Simon, Bill, Steve Crocker, Polar, Anne, Gerald.  (Quorum achieved.)


Vote to approve minutes of Dec. 5, Dec. 12, Jan. 9, and Jan. 23 meetings:  moved (Hal); seconded (Anne); no dissention.  (Minutes approved.)


ISTPA discussion with Michael Willett:  ISTPA looked at the "Fair Information Practices" and found that they were too high-level (not detailed enough to help developers).  ISTPA is building a framework to allow programmers to implement some of these privacy requirements.  Important requirement is to bind personal information to preferences of user.  Privacy policy/preferences/permissions bound to personal information.  Note that "bind" includes cryptographic techniques as well as pointer to database, etc. (i.e., notion is meant to encompass "bind", "associate", "affiliate", etc.).  ISTPA has designed about 10 privacy services and capabilities; there are lots of examples in the document.

[NOTE:  the above ISTPA notes are a bit sketchy.  See the document and the accompanying slides that Michael has circulated for further details.]

Anne:  "rights management" deals with the handling and transfer of rights throughout the life cycle of the content; "access control" deals more with the expression of policy.

Hal:  suggestion to Michael:  what you're looking for (i.e., binding of preferences to personal information) may be more in scope for the Rights Language TC.  However, they've recently backed off a bit on their language being a rights language, and now talk about it as a general-purpose authorization language.

Michael:  thanked everyone for their time and input and signed off.


Discussion regarding negative vote on XACML 1.0:  people preferred option 1 over options 2 and 3 below.  Hal suggested replacing the first sentence of the third paragraph with something about many members believing that useful RF implementations of XACML 1.0 can be created.

After some discussion, the following wording was APPROVED as a replacement for the first sentence of the third paragraph of option 1 below:  "It is the belief of the TC that useful and fully-compliant implementations of XACML 1.0 can be created that are royalty free."  Carlisle will send the official response to Karl Best and copy the TC.


Discussion regarding revisions to the spec:  Hal:  it would be good to have the official document (as approved) on the Web site, as well as a separate errata document.

Anne (after some discussion regarding what is allowed to be changed in the 1.0 spec):  what we need is an official decision from the OASIS board.  We'll do whatever they allow.

Hal:  motion:  make official spec as updated as legally allowed (this might be nothing, typos, or minor corrections; we'll let them tell us) and ensure that all corrections are available to developers on Web site.  Seconded (Anne?); no dissention.  (Motion approved.)  Carlisle will contact Karl to find out what changes (if any) we can make to the 1.0 Standard.

The next TC meeting will be February 13, 2003.  At that meeting we will discuss errata and the creation of a going-forward draft.


Discussion regarding future work:  Anne:  SAML profile; XML Signature profile; etc.

Hal:  let people propose additional work items ("unfinished business") to the list over the next week.  On the 13th we can decide what to do with these (1.1?  2.0?).


Motion to adjourn.


Proposed Agenda:
10:00-10:05 Roll Call and Agenda Review
10:05-10:15 Vote to accept minutes of December 5, December 12, January 9, and January 23 concalls
10:15-10:25 Discussion of ISTPA and possible collaboration with XACML (Michael Willett)
10:25-10:35 Discussion AND VOTE regarding what to do with negative ballot on XACML (Carlisle) **
10:35-10:55 Discussion of errata list and Tim's OS 1.0 specification (Simon, Tim)
10:55-11:00 Discussion of next steps for XACML:  nothing?  1.1?  2.0?  (Carlisle)


** One OASIS member organization cast a negative ballot on XACML 1.0.  The reason given in the ballot was "We think, OASIS standards must be royalty free."  It seems to me that we have three possible options for a TC response:

1) Dismiss the comment on the basis that the TC has already done its best with respect to this issue:

2) Dismiss the comment on the basis that it is impossible and unnecessary to satisfy the comment:

3) Agree that OASIS Standards should be royalty free and withdraw XACML from consideration as an OASIS Standard.  [This one is undesirable to me because it implies that XACML cannot be implemented in a way that is free of royalties, but no one has ever claimed that this is the case.]

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC