Minutes from XACML TC Meeting 2 August 2007

[Anne Anderson - Sun Microsystems <Anne.Anderson@sun.com>]

Minutes from XACML TC Meeting 2 August 2007

1  Roll Call & Minutes

    Attendees:
     Ron Williams
     David Staggs
     Anil Saldhana
     Erik Rissanen
     Bill Parducci
     Tony Nadalin
     Prateek Mishra
     Rich Levinson
     Harry Haury (not yet voting member)
     Anne Anderson

    Regrets:
     Hal Lockhart
     Seth Proctor

    Quorum was achieved.

    The minutes from the 19 July TC meeting were posted late, so will
    be up for approval at the 16 August TC meeting:
    http://lists.oasis-open.org/archives/xacml/200708/msg00004.html

2  Administrivia

    a. Workshop on SAML & XACML Given at GeoWeb 2007 in Vancouver
       (SAML TC list)

       Hal was not present to report on this.

    b. Test Status Update - Summary List [Approvals, Publication]
       (xacml-demo-tech list)

       The general consensus of the TC was that a summary report
       of the interop should be written for public consumption,
       and not publish the detailed vendor results.  The summary
       should include a description of the scenarios tested, the
       general results, and lessons learned.

       ACTION: Bill will check with OASIS on what the TC can and should do.
       ACTION: Rich will draft a summary based on message from OASIS.

    c. SAML 2.0 Profile of XACML, Version 2, WD 5 uploaded
       http://lists.oasis-open.org/archives/xacml/200707/msg00021.html

       Anne described changes from WD4 - WD5.  She will post a
       summary of the changes.

       She recommends use of this profile for any future XACML
       interoperability demonstrations: XACML 3.0-specific
       sections are clearly identified, and the rest is bug fixes,
       better explanations, and examples based on what we have
       learned from trying to use the existing standard version of
       the profile.

       A new editor is needed for this Working Draft.

    c. Web Services Profile of XACML (WS-XACML) Version 1.0, WD 9
       uploaded
       http://lists.oasis-open.org/archives/xacml/200707/msg00015.html
       http://lists.oasis-open.org/archives/xacml/200707/msg00018.html

       Anne reported on the changes in this new draft, which are
       summarized in msg00018.html above.  This draft closes all
       open issues.

       A new editor is needed for this Working Draft.

    d. access_control-xacml-2.0-core-spec-os-errata.doc uploaded
       http://lists.oasis-open.org/archives/xacml/200707/msg00024.html

       Erik posted an update to the XACML 2.0 Core errata document
       including all errata fixes that have also been incorporated
       into the XACML 3.0 Core specification draft.

    e. New XACML References and Products document V1.83
       http://lists.oasis-open.org/archives/xacml/200707/msg00025.html

       Anne reported on the new version of the XACML References
       and Products document.  This includes a large number of new
       papers and some new vendors and deployments.  XACML
       continues to be a hot topic of academic study.

       A new editor is needed for this document.

       The previous version - V1.73 - is located at
       http://docs.oasis-open.org/xacml/references/xacmlRefsV1.73.html
       for those who want to do a diff.

4  Issues Review
    http://wiki.oasis-open.org/xacml/IssuesList

    #69: location of XACML 2.0 schema files
    http://lists.oasis-open.org/archives/xacml/200707/msg00019.html

    This was just a clarification of why the schema reference
    problem occurred, and why the "workaround" of including the
    XACML 2.0 schemas in two different locations was needed.

    The following issues pending review will be up for approval at
    the next meeting:

    32. ADMIN:Exception handling
    Resolution in Delegation profile WD17
    Champion: Bill

    38. CORE:Replace uri-string-concatenate with to-string and 
from-string functions
    Resolution in XACML 3.0 WD3
    Champion: Erik

    40. CORE:Change ResourceContent
    Resolution in XACML 3.0 WD2,3
    Champion: Daniel (Erik)

    50. ADMIN:Maxdepth with attribute categories
    Resolution in XACML 3.0 WD2,3 and Delegation profile WD17
    Champion: Erik

    54. ADMIN:Number of policies required by administrative policy 
delegation
    Resolution in Delegation profile WD17
    Champion: Erik

    55. WS-XACML:Address policy references in a Requirements element 
containing a PolicySet
    Resolution: ReferencedPolicies element in WD9 released 18 July 2007
    Champion: Anne

    56. WS-XACML:Add optional "Preference" XML attribute to Apply element
    Resolution: ValuePreference attribute is in WD9 released 18 July 2007
    Champion: Anne

    57. WS-XACML:Restrictions on XPath expression to support matching 
Attribute references
    Resolution in WS-XACML profile WD1-3 (informal proof in WD4)
    Champion: Anne

    58. WS-XACML:Handle P3P 1.0 POLICY/STATEMENT/NON-IDENTIFIABLE in an 
XACMLPrivacyAssertion
    Resolution: NON-IDENTIFIABLE does not overlap with the PURPOSE and 
RECIPIENT clauses. WD9 is consistent with this understanding.
    Champion: Anne

    59. WS-XACML:Allow restricted regular expression functions in 
XACMLAssertion
    Resolution: Regular expressions and syntax reference are in WD9 
released 18 July 2007
    Champion: Anne

    64. ADMIN:Treatment of administrative deny
    Resolution in Delegation profile WD17
    Champion: Erik

    68. CORE:Backwards compatiblity of generalized Target
    Resolution in XACML 3.0 WD2,3
    Champion: Erik

    69. ERRATA:Incorrect URL in 
access_control-xacml-2.0-context-schema-os.xsd schema file
    Resolution in XACML 2.0 errata updated 5 July 2007
    Champion: Erik

    74. SAML:Add SAML metadata description
    Resolution: WD4 has a preliminary version of SAML metadata

    77. CORE:Datatype of Resource id attribute in Response
    Resolution in XACML 3.0 WD3
    Champion: Erik

    78. ERRATA:Namespace treatment in xpaths
    Resolution in XACML 3.0 WD3
    Champions: Daniel, Erik

    79. ERRATA:Incorrect use of multiple subjects
    Resolution in XACML 2.0 errata updated 5 July 2007
    Champion: Anne

    80. ERRATA:"Policies based on resource contents"
    Resolution in XACML 2.0 errata updated 5 July 2007
    Champion: Erik

    81. CORE: Data type and function definitions by references to XPath 2.0
    Resolution in XACML 3.0 WD3
    Champions: Anne, Erik

    84. WS-XACML: limit-scope functions will not work as described
    Resolution: Both functions removed in WD9 released 18 July 2007

5  IHE healthcare XACML interop interest

    David Staggs reported that Integrating Healthcare Environments
    (IHE) is interested in a healthcare interop using XACML.  IHE
    runs these under the auspices of the Healthcare Information
    and Management Systems Society (HIMSS).  IHE takes Health
    Level 7 (HL7 - an international healthcare standards
    organization) scenarios, implements them, creates a profile,
    and demonstrates interoperability.  IHE is interested in an
    XACML interop similar to the Burton interop, but also
    including healthcare-related privacy cases.  IHE needs a
    proposal from the XACML TC by October.  The interop profiles
    are frequently published by the Health Information Technology
    Standards Panel (HITSP), a panel developed by the U.S. Dept of
    Health and Human Services as U.S. govt. standards.  IHE
    requires at least two vendors to participate.

    Bill reported that OASIS is interested in promoting these
    events.  He will start the conversation with OASIS
    administration.

    ACTION: Bill - notify OASIS of IHE's interest.

The meeting adjourned at 10:30am Eastern Time.

-- 
Anne H. Anderson, Sun Microsystems Laboratories
1 Network Drive,UBUR02-311, Burlington, MA 01803-0902 USA
Tel: 781/442-0928  Fax: 781/442-0399
Email: Anne.Anderson@Sun.COM until 2 August 2007
Email: Anne.Anderson@alum.swarthmore.edu after 2 August 2007