OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes of 27 October 2005 TC meeting


Minutes of OASIS XACML TC Meeting
10am EDT, 27 October 2005

Attendees:
Argyn Kuketayev
Tony Nadalin
Seth Proctor
Erik Rissanen
Anne Anderson (minute taker)
Bill Parducci
Michiharu Kudo
Ron Williams

ACTION ITEM [Chairs]: contact Frank to see if he wishes to pursue
the Open Issues assigned to him:
  4. PDP references in policies
  6. Identity attributes
  8. Alternate Owner-Policy-Statement to determine sentinel
  31. Passing arbitrary sets of Attributes in the request

ACTION ITEM [Chairs]: contact Daniel to see if he will follow
through on Issue #3. "Should elements in a policy target and the
request context be open?"

10:00 - 10:05 Roll Call and Agenda Review

   See "Attendees" above.  There were no changes to the proposed
   agenda posted at

http://www.oasis-open.org/apps/org/workgroup/xacml/email/archives/200510/msg00021.html

10:05 - 10:10 Vote on approval of minutes from October 13
   http://lists.oasis-open.org/archives/xacml/200510/msg00014.html

   Approved unanimously.

10:10 - 10:20 Delegation
   Erik posted a brief description of this architecture for delegation
   http://lists.oasis-open.org/archives/xacml/200510/msg00018.html
   http://lists.oasis-open.org/archives/xacml/200510/msg00019.html

   PDP itself is independent of the new structure, which is handled
   by a wrapper.  Erik's implementation uses XACML 1.1; he feels
   using 2.0 will not make much difference.  Ugly to add state
   information to request, such as which policies have been used,
   just to split components.  Erik uses Obligations to pass state
   information out of the PDP; he feels better not to split the
   components to avoid using Obligations or a comparable new
   construct.  If it is easier to explain the model with a split,
   then conceptually this might make sense.

   Two major issues:
   1. Reduction of deny [Bill: nice WIKI page on this issue at
      http://wiki.oasis-open.org/xacml/IssuesList # 26, which links
      to http://wiki.oasis-open.org/xacml/ReductionOfDeny]

   2. Revocation issue: policy about who may remove a
      policy. Existing model handles who may add a policy.

10:20-10:25 Obligations
   http://wiki.oasis-open.org/xacml/DiscussionOnObligations

   Proposal to use ObligationCategory filters to handle
   combinations of Obligations within a Category: "cumulative",
   "first", ...

   Ron suggests hierarchy may be wrong structure if you see
   behavior exploding across the hierarchy.  A cross-index,
   etc. may be more appropriate.  Work through some use cases to
   see how it works out.

10:25 - 11:00 General Business
   Conformance Test wiki page
   http://wiki.oasis-open.org/xacml/ConformanceTestsChanges

   Proposal to have one link to large archive; another link to
   patch to large archive, which will point to a zip file
   containing changes to the large archive version.

   Bill: OASIS admin is discussing some sort of source control.
   He will keep TC notified on progress.  Also considering IRC,
   which may or may not be useful for our TC.

   Anne: source control could also be used for the XACML
   References page changes.

Regards,
Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]