OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes of 20 July 2006 TC Meeting

Minutes of the OASIS XACML Technical Committee Meeting
20 July 2006

Voting Member Attendees:
  Anne Anderson
  Hal Lockhart
  Daniel Engovatov
  Tony Nadalin
  Argyn Kuketayev
  Kamelendu Biswas
  Erik Rissanen
  Seth Proctor
  David Staggs

  Greg Desmarais (Sigaba)

1. Roll Call and Agenda Review

    Quorum was achieved

2. Vote on approval of minutes from 22 June 2006 meeting

    Approved unanimously.

3. Revision of XACML 2.0 core errata

    1) uri-string-concatenate (in current draft)
    2) replacement of non-standard normative references (in current draft)
    3) Omission of "Deny" case in Permit-Overrides PolicyCombiningAlg
    4) Add OASIS Copyright notice to XACML schema files

    Approved unanimously.

4. Registration of XACML with ET.gov

    Add address to OASIS Office.  Change contact to OASIS.

    AI: Hal will figure out what address and contact to use.

    Approved unanimously with address and contact changes.

5. Issues list

    3. Should elements in a policy target and the request context be open?
       Daniel's Target proposal: status

       Daniel's proposal depends on resolution of #40.

   40. Change ResourceContent

       Daniel proposes an optional URI with AttributeSelector,
       resolved in implementation-specific way.  One problem is
       multiple documents.

       Anne suggested perhaps just using Attributes that contain
       the contents of the document.

       Seth noted that ResourceContent is useful when the
       ContextHandler doesn't have access to the location of the
       actual document instance.

       Seth suggested existing Request containing categorized
       Attributes, plus optional sequence of XML content
       documents.  Content element tag could contain XML attribute
       that has a URI that is the unique identifier of the

       General agreement on the last suggestion.

       AI: Daniel will issue a revised proposal this week.

       AI: Anne will send e-mail about turning the Kavi
       member-only URL into a publicly available URL.

   5.  Policy statements in request context (Anne)
       Note:in a separate bucket in XACMLAuthzDecisionQuery in
       SAML Profile Version 2 draft.

       Hal suggested this is appropriate, since the SAML Profile
       is a particular protocol for passing information used in an
       evaluation.  He also thinks #31 can be handled the same

       General approval for this in the SAML Profile Version 2.

       AI: Anne to draft proposal for describing semantics of such
       policies in the core.

   10. Obligations (PENDING REVIEW)

       How does reduction deal with obligations.  All obligations
       from access and admin policies will be collected.

       Approved.  Change status to CLOSED.

   26. Reduction of deny (PENDING REVIEW)

       Current Proposal: Admin policies that evaluate to Deny are

       Approved.  Change status to CLOSED.

   31. Passing arbitrary sets of Attributes in the request (Frank)

       AI: Erik will draft syntax and text for SAML Profile, and
       semantic description for core.

   35. Attribute timing (PENDING REVIEW)

       Do you use Attribute values from time policy was created or
       modified or from time policy is evaluated?

       Current Proposal: PDPs can operate in either mode.
       Implementation dependent.  #36 may provide way for a PDP to
       advertise its mode.

       AI: Anne issue proposal to let policy state whether it must
       be evaluated with historic or current attribute values;
       would evaluate to Indeterminate if PDP is unable to supply
       the required values.

       Approved.  Change status to CLOSED.

6. Wrap up

    Next call will be August 3.  Hal will be absent, attending TAG

Respectfully submitted,
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]