Subject: Minutes of XACML TC Meeting 1 March 2007

1. Roll Call & Minutes

Attendees
  Hal Lockhart (Co-chair)
  Bill Parducci (Co-chair, minutes)
  Anthony Nadalin
  Argyn Kuketayev
  Abbie Barbir
  Rich Levinson
  Prateek Mishra
  Sekhar Sarukkai
  Erik Rissanen
  Anne Anderson
  David Staggs
  Dee Schur (Oasis Member Support)

Quorum was achieved (69% per Kavi)

2. Administrivia

F2F
  draft agenda by early next week BILL + HAL
  special meal requests?

  Hal and Bill will work on agenda for F2F. There MAY be cell phone
  access to the meeting site via our existing bridge. Hal will confirm
  availability of existing bridge or arrange another with Abbie.

Oasis Webinars
  Dee Schur notified the TC that Oasis would like to put a series of
  webinars for each of the security TCs works. These will be made
  available on the Oasis website. Oasis has made a call for volunteers
  to the TC who would be interested in creating content based upon
  XACML.

InterOp
  The InterOp is proceeding but there are still a number of open
  issues. A list has been set up for discussion by the InterOp members.
  If others wish to participate please notify the Chairs as soon as
  possible.

Latest Draft
  Erik briefly described the changes in the latest Draft posted to the
  list.

3. Issues

#-- Behavior of combining algorithms variant (Erik)
  Discussion on list stands for itself. Question about whether to add
  optional.

#63 Generalization of multiple resources
  Spec says all Attributes for Multiple subjects with same Subject
  Category are merged. Hal considers this a bug, especially for
  codebase and intermediaries. Erik's MultipleCondition from the
  previous Admin Policy draft is one possible way to address this.

  ACTION ITEM: Hal will create a new issue to address this.

#40 <ResourceContent> element
  Question is whether 1) AttributeSelector should have an xml attribute
  to select ResourceContent documents using a different base than the
  Request Context and 2) whether there could be more than one content
  element per category. Resolution of the attribute would be
  implementation-dependent.

  Daniel proposed the XML attribute; question about whether there is an
  actual use case.

  General consensus on the call is to drop the ID reference and to
  restrain the schema to allow only one <Content> element per
  <Attributes> element. (No change from 2.0)

#32 Exception handling
  What happens if an untrusted policy produces an Indeterminate? Should
  it influence the decision or not? Don't know whether trusted or not
  until it is reduced. No solution yet. Erik will continue working on
  it.

#-- Target Issues (ConjunctiveMatch and compatibility)
  Related to the matching on multiple subject issue. Currently can't
  index on multiple subjects. Erik is not clear on how to move forward
  on this. His inclination is to allow multiple categories in the
  disjunctive match; already allowed for multiple subject categories.
  Erik and Hal will champion this.

#-- Access Permitted feature
  "Access Permitted" previously referred to Subject, but now that we
  have extensible Attributes, it needs at least to be reworded.
  Possibly NP complete if fully generalized. Hal will respond to Erik's
  e-mail.

#-- Prateek's issues
  A. PDP to PEP communication
     Should there be some standardization around interface between
     tightly coupled PDP and PEP? We have the SAML protocol where not
     tightly coupled.

  B. Define meta-data that would allow definition of the world of
     information that is subject to policies. PAP, PEP, and Context
     Handler have to be coordinated. The WS-XACML "Vocabulary" elements
     in Requirements and Capabilities are one approach to this; they
     allow specification of URIs that are associated with documents,
     products, etc. that require a particular set of Attributes to be
     retrievable.

  C. Standard interfaces so a PDP can be specified in an RFP

  Hal made comments on the List to some of these issues recently:

  Policy Inputs
  http://lists.oasis-open.org/archives/xacml/200702/msg00059.html

  Closely Coupled PEP/PDP
  http://lists.oasis-open.org/archives/xacml/200702/msg00060.html

  Policy Provisioning
  http://lists.oasis-open.org/archives/xacml/200702/msg00061.html

  Other miscellaneous concerns
  http://lists.oasis-open.org/archives/xacml/200702/msg00062.html

#66 Missing attributes may be underspecified
  Rich thinks there is confusion about what is interoperable. Rich's
  interoperability document has the Context Handler on the PEP side.
  Needs clarification.

Next meeting is F2F. Next telephone meeting will be March 29.

Meeting adjourned.