Re: [xacml] Minutes of 1 April 2004 XACML TC Meeting

[Michiharu Kudoh <KUDO@jp.ibm.com>]

>WI #18: Obligations in Rules
>Options are:
>1) Force determinism in which Obligations will be returned by
>    requiring evaluation of the entire policy tree at the cost of
>    efficient evaluation of distributed policies.
>2) Accept non-determinism by not requiring evaluation of entire
>    tree, but allow determinism by use of the ordered-* versions
>    of the combining algorithms.
>3) Drop this work item.  Note that XACML 1.1 allows users to
>    control the trade off between determinism in which Obligations
>    are returned and efficient evaluation of distributed policies
>    by allowing use of the ordered-* versions of the combining
>    algorithms.
>
>Polar is opposed to non-deterministic mechanisms in a standard.

I am ok with both 1) and 2). Option 3) seems to be similar to the option 2)
but still unclear to me. In fact, the determinism of the obligations is not
only the problem of WI#18 but also the problem with the current spec that
allows obligations in <Policy> and <PolicySet>. So I think we should
separate the discussion on determination problem of WI#18 from demerit of
WI#18.

Best,
Michiharu


                                                                           
             Bill Parducci                                                 
             <bill.parducci@ov                                             
             erxeer.com>                                                To 
                                       xacml <xacml@lists.oasis-open.org>  
             2004/04/02 02:48                                           cc 
                                                                           
                                                                   Subject 
                                       [xacml] Minutes of 1 April 2004     
                                       XACML TC Meeting                    
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




XACML TC General Body Meeting Minutes
1 April 2004; Time: 10:00 AM EDT

Attendees:
Anne Anderson
Hal Lockhart
Michiharu Kudo
Steve Anderson
Michael McIntosh
Tim Moses
Simon Godik
Daniel Engovatov
Seth Proctor
Polar Humenn
Frank Siebenlist
Bill Parducci
Ed Coyne
Tony Nadalin

Quorum reached.

Agenda:

1. Minutes from 18 March meeting voted upon. Move to accept: Michael.
Second:
Steve. Approved unanimously.

2. SAML/XACML Attribute Harmony
Key issue: whether it is acceptable for XACML to meet some of the SAML
attribute
requirements, specifically re: ValueType. Data typing, desired by XACML,
will
not likely be adopted by SAML; discussion centered around willingness of
committee to adopt ad hoc mappings during implementation. General feeling
is
that SAML adopters will likely require this functionality in the future,
even
though current implementations may not clearly see the need for such. Anne:
suggest optional elements to address this issue. Hal: felt that optional
attributes is worth defending back to SSTC, suggested discussion at next
SSTC
Focus Group call. The SSTC Focus Group call is Tuesday NOON (ET).

4. Documentation Update (Tim Moses)
Draft 7 in circulation, still missing concrete proposal on a couple of
proposals
(Tim posted to list this morning). Draft 8 pending approval of a few
remaining
Work Items, so currently on hold.

6. Work Items (Anne Anderson)
WI #7: Condition Reference
Need to reach consensus (champions have not worked on since last TC call).
Tim
posted an alternative to Simon's proposal; Simon inquired into placement of
elements; Tim could not find a mechanism to make structure FINAL, and
consensus
was to leave placement of variables freely interspersed. Move to accept
as stated in Draft 7: Anne. Second: Tim. Approved unanimously.

WI #10:
Parameters for Combining Algorithms: Draft version in Draft 7. Michiharu &
Polar
still discussing on list. Issue will parameter sets be in the Type system.
Polar
suggests that it is better to keep parameters separate from algorithms for
grouping and association. It is commonly agreed that there is a Type
system, but
there is significant dissension on the semantics of the sequence of
CombinerParameters and how they are associated with <Rules>. That and the
fact
that Michiharu left the call earlier requires this to be brought to closure
on
the list.

WI #18: Obligations in Rules
Options are:
1) Force determinism in which Obligations will be returned by
    requiring evaluation of the entire policy tree at the cost of
    efficient evaluation of distributed policies.
2) Accept non-determinism by not requiring evaluation of entire
    tree, but allow determinism by use of the ordered-* versions
    of the combining algorithms.
3) Drop this work item.  Note that XACML 1.1 allows users to
    control the trade off between determinism in which Obligations
    are returned and efficient evaluation of distributed policies
    by allowing use of the ordered-* versions of the combining
    algorithms.

Polar is opposed to non-deterministic mechanisms in a standard.

SEE LIST FOR MORE DETAILED REVIEW OF WORK ITEMS (Anne to post update)

Meeting Adjourned.


To unsubscribe from this mailing list (and be removed from the roster of
the OASIS TC), go to
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
.