Subject: Minutes of 11 November 2004 XACML TC Meeting - Clarification
(clarified text marked with '*') Attendees: Bill Parducci Hal Lockhart Anne Anderson Tim Moses Ron Jacobson Ed Coyne Seth Proctor Polar Humenn Erik Rissanen Michael McIntosh Daniel Engovatov Steve Anderson Mary McRae Michiharu Kudo Frank Siebenlist Quorum reached (81% per Kavi) Agenda: I. Minutes from 28 October meeting voted upon: Moved: Anne Second: Michael Corrections: none Approved unanimously. II. XACML v2.0 status -Core spec: Tim: A posting has been made re: naming consistency to comments list. The naming change increases the consistency of naming in a couple of v2 functions. TC believes that incorporating these changes will not affect the specification significantly and should be incorporated; changes are: regexp-rfc822Name-match -> rfc822Name-regexp-match regexp-x500Name-match -> x500Name-regexp-match -SAML profile "inconsistency" Anne has made all recommended changes based on conversations with Eve Maler. * VOTE: Both amended specifications approved as Committee Drafts * (to include name changes described by Tim above to the core * specification). Move: Anne Second: Daniel Approved unanimously. -Attestations BEA and Entrust have posted Attestations, Gluecode has committed to attesting by 15 December 2004. As a result all specifications will remain at Committee Draft status until after 15 December. -Schedule With the next meeting falling of the US Thanksgiving holiday the next plenary meeting will be held on 9 December, 2004. III. XACML Summary After a brief discussion, an unanimous agreement--the TC has modified its Summary to: "Representing and evaluating access control policies" IV. XACML+ Tim has proposed some suggestion to the XACML spec that will allow policies to be used in areas outside of pure access control. The concept is not to constrain XACML's ability to describe access control, but to optimize it in such a way that it can be used in non access control situations (e.g. management policies). Tim reviewed his proposal with the TC. V. XACML References Anne Will our Reference include products that implement XACML? Several members felt this would be a good idea, and there were no objections other than a question about whether listing products would violate any OASIS policies. Hal Suggested we list other specs which refer to XACML and promised to provide a few. ACTION Hal will discuss with Oasis whether this violates any of their policies. VI. Delegated Administration Erik will be posting a proposal on delegated administration to the group. Meeting Adjourned.