[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes of 27 October 2005 TC meeting
Minutes of OASIS XACML TC Meeting 10am EDT, 27 October 2005 Attendees: Argyn Kuketayev Tony Nadalin Seth Proctor Erik Rissanen Anne Anderson (minute taker) Bill Parducci Michiharu Kudo Ron Williams ACTION ITEM [Chairs]: contact Frank to see if he wishes to pursue the Open Issues assigned to him: 4. PDP references in policies 6. Identity attributes 8. Alternate Owner-Policy-Statement to determine sentinel 31. Passing arbitrary sets of Attributes in the request ACTION ITEM [Chairs]: contact Daniel to see if he will follow through on Issue #3. "Should elements in a policy target and the request context be open?" 10:00 - 10:05 Roll Call and Agenda Review See "Attendees" above. There were no changes to the proposed agenda posted at http://www.oasis-open.org/apps/org/workgroup/xacml/email/archives/200510/msg00021.html 10:05 - 10:10 Vote on approval of minutes from October 13 http://lists.oasis-open.org/archives/xacml/200510/msg00014.html Approved unanimously. 10:10 - 10:20 Delegation Erik posted a brief description of this architecture for delegation http://lists.oasis-open.org/archives/xacml/200510/msg00018.html http://lists.oasis-open.org/archives/xacml/200510/msg00019.html PDP itself is independent of the new structure, which is handled by a wrapper. Erik's implementation uses XACML 1.1; he feels using 2.0 will not make much difference. Ugly to add state information to request, such as which policies have been used, just to split components. Erik uses Obligations to pass state information out of the PDP; he feels better not to split the components to avoid using Obligations or a comparable new construct. If it is easier to explain the model with a split, then conceptually this might make sense. Two major issues: 1. Reduction of deny [Bill: nice WIKI page on this issue at http://wiki.oasis-open.org/xacml/IssuesList # 26, which links to http://wiki.oasis-open.org/xacml/ReductionOfDeny] 2. Revocation issue: policy about who may remove a policy. Existing model handles who may add a policy. 10:20-10:25 Obligations http://wiki.oasis-open.org/xacml/DiscussionOnObligations Proposal to use ObligationCategory filters to handle combinations of Obligations within a Category: "cumulative", "first", ... Ron suggests hierarchy may be wrong structure if you see behavior exploding across the hierarchy. A cross-index, etc. may be more appropriate. Work through some use cases to see how it works out. 10:25 - 11:00 General Business Conformance Test wiki page http://wiki.oasis-open.org/xacml/ConformanceTestsChanges Proposal to have one link to large archive; another link to patch to large archive, which will point to a zip file containing changes to the large archive version. Bill: OASIS admin is discussing some sort of source control. He will keep TC notified on progress. Also considering IRC, which may or may not be useful for our TC. Anne: source control could also be used for the XACML References page changes. Regards, Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]