Subject: RE: [xacml] Draft minutes (take 2)
Draft minutes

Committee: XACML
Date: 2 Oct 2003

Present:
   Daniel Engovatov
   Michiharu Kudo
   Polar Humenn
   Tim Moses
   Rebekah Lepro
   Tony Nadalin
   Seth Proctor
   Anne Anderson
   Frank Siebenlist
   Jamie Clark

Chair: Anne Anderson for Hal Lockhart and Bill Parducci

1. The meeting came to order at 11:00am Eastern.

2. Rebekah introduced herself. She has been following the XACML activity for some time, and recently decided to get actively involved. Her interests include distributed authorization in a GRID architecture.

3. The agenda was reviewed and agreed.

4. WSPL vote

The question of whether or not WSPL is within the scope of the XACML TC charter is open. Jamie explained how OASIS deals with such issues. The OASIS staff strongly encourages TCs to sort these issues out for themselves. This can be achieved by a simple majority vote. Anyone who disagrees with the outcome can appeal to TC admin (Karl and Jamie). Jamie listed three possible avenues:

   a. Approve the specification and see if anyone objects;
   b. Don't approve the specification and have someone raise the issue with staff; and
   c. Modify the specification such that it is incontrovertibly in-scope.

A motion was put to the meeting:

   The XACML TC asserts that the current draft of the Web-services profile specification, modified to apply only to access-control, authorization and entitlements, is within the scope of the XACML TC charter.

   For: 6
   Against: 2
   Carried.

Tony raised the point that, with this new limitation on the applicability of the specification, the opportunity for different aspects of policy to be solved in different ways exists, and that this was not desirable. This was generally agreed. It was felt that a new TC should be chartered to come up with a common scheme for all aspects of policy in the Web-services architecture. Tim offered to organize the first charter discussion, and anyone interested in participating should let Tim know his or her availability over the next week. Tony, Anne and Frank offered to participate.

Tony said that WSPL bears some similarity to a document presented to the WSS TC and that the contributors of that document made no explicit statement concerning IP. Tim pointed out that the document in question had been prepared under OASIS IP rules.

Frank made a suggestion to split the document into two parts: one to specify an algorithm for combining instances of XACML and the other to address ways of associating policy instances with interfaces. It was agreed to consider this proposal at the upcoming face-to-face meeting, at which time we would have available the revised specification and the results of initial charter discussions.

5. v2 work items

Anne went through the list of proposed work items for XACML v2.

   1. Grid requirements.
   2. Location information (Anne and Daniel will submit proposals for discussion at the face-to-face).
   3. Multiple actions per request.
   4. Multiple resources per request.
   5. Privacy requirements (no champion).
   6. Domain-specific identifiers.
   7. Condition reference (for discussion at the face-to-face).
   8. RuleId reference (for discussion at the face-to-face).
   9. Hierarchical entities (for discussion at the face-to-face).
   10. Parameters for combining algorithms (for discussion at the face-to-face).
   11. Extension points (awaiting a proposal from Simon).
   12. Including Environment in target (for discussion at the face-to-face).
   13. Making the target element optional.
   14. Requirements for signature enveloping.
   15. Requirements for encryption.
   16. XACML Policy in SAML Response Conditions. Candidate for closure, since the discussion at the SAML F2F determined that the use case requirements could be satisfied without it.
   17. XACML policy in SAML response condition. Candidate for closure, since the discussion at the SAML F2F determined that the use case requirements could be satisfied without it.
   18. Obligations in rules (possible discussion at face-to-face).
   19. Rule as lowest administrative unit (for discussion at the face-to-face).
   20. Non-normative implementation guidelines.
   21. Primer.
   22. Time-in-range function (Seth has provided a proposal for discussion at the face-to-face).
   23. Xquery comparison functions (a proposal has been made for discussion at the face-to-face).
   24. Schema for function definitions (Daniel will submit a proposal for possible discussion at the face-to-face).
   25. Function for comparing file system pathnames.

Remaining work items still to be reviewed

6. Next meeting

The focus group will meet on 9th Oct to continue considering the v2 work items. There was discussion about canceling the TC meeting on the 16th. But, it was agreed to use the meeting to refine the agenda for the face-to-face.

7. The meeting adjourned at 12:00 noon.