[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes: 8-Nov-07 XACML TC meeting
Note "->" points at action items along the way: 1 Roll Call: Voting Members: Erik Rissanen Rich Levinson Anil Saldhana Seth Proctor David Staggs Bill Parducci Prateek Mishra Others Dee Schur Prasad Rh... (securent) (apologies: difficult connection to get name) 2 Administrivia: Minutes from 25-Oct-07: vote on approval delayed until next mtg due to tech logistic difficulties establishing quorum. Review plans for RSA 2008: Dee sent out email w proposed scenarios just prior to meeting: http://lists.oasis-open.org/archives/xacml/200711/msg00005.html Discussion: Dee: memo provides scenarios, has been working on it w David, Dee said Tony looked at it and was comfortable. Prateek has comments - Dee thinks can work w Liberty. Dee,Dave: scenarios can be modified and refined; Dave will do ongoing scenario work. Prateek,Dee,Dave: identify gaps w privacy etc. that IGF Liberty is addressing: http://lists.oasis-open.org/archives/xacml/200711/msg00006.html Dave: there is context article from 2005 on xacml tc home page list of refs using -> xacml for privacy controls - Dave will put specifics in an email to tc so people know what and where to look for this and other supporting info. Rich, Anil: what's really needed for participants to evaluate is a proposed set of actual messages that would be exchanged identifying details that will be brought out in proposed demo. i.e. the high level sketch is not enough - participants need to know, similar to the Burton Interop, structurally what the message exchange and capabilities of xacml that will be utilized. Anil: interested in applicability of xacml, rather than emphasizing privacy, focus on general health care industry. Dee: doesn't want it too broad. Is interested in focusing on privacy and applicability to other vertical industries. i.e. health care is example, but privacy is broad concern to other industries - i.e. narrow capabilities w broad appeal, vs broad appl w narrow appeal Dee: needs to get closure because RSA space needs to be paid for Prateek: would like to see delta from last interop doc. Bill: looking at time critical - RSA needs scenario to review. Want to post a time and place for getting closure w the group. -> Bill: propose call next Tue Nov 13 at 10 AM EST - will send out email. Call for papers: OASIS IDtrust Dee: Organization - used to be PKI forum http://lists.oasis-open.org/archives/xacml/200711/msg00002.html Associated w NIST symposium: http://lists.oasis-open.org/archives/xacml/200709/msg00015.html 3 Issues Issue 87: CORE ERRATA: resource:xpath needs to be addedin B.6, plus fix needed for 4.2.2 example - updated Rich sent out email describing issue w proposal for resolution: http://lists.oasis-open.org/archives/xacml/200711/msg00004.html Rich: bottom line: resource:xpath was left out of XACML 2.0 core defns in sec b.6. As a result there is great ambiguity how to interpret examples in core spec as raised by Niko in xacml-dev: http://lists.oasis-open.org/archives/xacml-dev/200710/msg00000.html If the suggested fix is agreed to, then there is minimal impact on core spec except some of the actual xpaths may need to be adjusted based on the resolution and Niko has indicated they have some errors w "/" usage that needs to addressed in any case. Bottom line here is that this example is extremely critical for proper understanding of the core document, and when highly technical developers such as Niko get into the details, some key ambiguities and outright lack of any obvious way to interpret the whole collection of xpaths that permeate the examples is brought into question. Therefore, this really needs to be looked at and agreement reached and corrections applied. -> anyone interested in helping to resolve, please review issue 87 on wiki plus Rich's email above. Issue on wiki has links to other emails describing lots of details and multiple possible courses of actions. However, above email proposes a specific course of action that needs to be evaluated. 4 Other business: Anil: saml group has been provided with focus on xml.org: Dee: don't need to be oasis member to participate in focus group. Idea is that a group "gathers" to be editors, submitters, etc. Dee is about to launch ID Trust area. - a place to interact w non-members. Carol Geyer is main overall coordinator. Address concerns about consolidation of info related to subject on xml.org web site: http://www.xml.org/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]