OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes: 8-Nov-07 XACML TC meeting

Note "->" points at action items along the way:

1 Roll Call:

   Voting Members:
    Erik Rissanen
    Rich Levinson
    Anil Saldhana
    Seth Proctor
    David Staggs
    Bill Parducci
    Prateek Mishra

    Dee Schur
    Prasad Rh... (securent) (apologies: difficult connection to get name)

2 Administrivia:

  Minutes from 25-Oct-07: vote on approval delayed until next mtg due to 
    logistic difficulties establishing quorum.

  Review plans for RSA 2008:

    Dee sent out email w proposed scenarios just prior to meeting:

       Dee: memo provides scenarios, has been working on it w David, Dee 
said Tony
            looked at it and was comfortable. Prateek has comments - Dee 
thinks can work
            w Liberty.
        Dee,Dave: scenarios can be modified and refined; Dave will do 
ongoing scenario
       Prateek,Dee,Dave: identify gaps w privacy etc. that IGF Liberty 
is addressing:
       Dave: there is context article from 2005 on xacml tc home page 
list of refs using
->      xacml for privacy controls - Dave will put specifics in an email 
to tc so people
          know what and where to look for this and other supporting info.
       Rich, Anil: what's really needed for participants to evaluate is 
a proposed set of
          actual messages that would be exchanged identifying details 
that will be brought
          out in proposed demo. i.e. the high level sketch is not enough 
- participants need
          to know, similar to the Burton Interop, structurally what the 
message exchange
          and capabilities of xacml that will be utilized.
       Anil: interested in applicability of xacml, rather than 
emphasizing privacy, focus on
          general health care industry.
       Dee: doesn't want it too broad. Is interested in focusing on 
privacy and applicability
          to other vertical industries. i.e. health care is example, but 
privacy is broad concern
          to other industries - i.e. narrow capabilities w broad appeal, 
vs broad appl w
          narrow appeal
       Dee: needs to get closure because RSA space needs to be paid for
       Prateek: would like to see delta from last interop doc.
       Bill: looking at time critical - RSA needs scenario to review. 
Want to post a time
          and place for getting closure w the group.

  ->  Bill: propose call next Tue Nov 13 at 10 AM EST - will send out email.

  Call for papers: OASIS IDtrust
   Dee: Organization - used to be PKI forum
     Associated w NIST symposium:

3 Issues

  Issue 87: CORE ERRATA: resource:xpath needs to be addedin B.6,
    plus fix needed for 4.2.2 example - updated
    Rich sent out email describing issue w proposal for resolution:

    Rich: bottom line: resource:xpath was left out of XACML 2.0 core defns
       in sec b.6. As a result there is great ambiguity how to interpret 
       in core spec as raised by Niko in xacml-dev:
       If the suggested fix is agreed to, then there is minimal impact 
on core spec
       except some of the actual xpaths may need to be adjusted based on the
       resolution and Niko has indicated they have some errors w "/" 
usage that
       needs to addressed in any case.

       Bottom line here is that this example is extremely critical for 
proper understanding
       of the core document, and when highly technical developers such 
as Niko get
       into the details, some key ambiguities and outright lack of any 
obvious way to
       interpret the whole collection of xpaths that permeate the 
examples is brought
       into question. Therefore, this really needs to be looked at and 
       reached and corrections applied.

 -> anyone interested in helping to resolve, please review issue 87 on 
wiki plus
       Rich's email above. Issue on wiki has links to other emails 
describing lots
       of details and multiple possible courses of actions. However, 
above email
       proposes a specific course of action that needs to be evaluated.

4 Other business:

    Anil: saml group has been provided with focus on xml.org:
    Dee: don't need to be oasis member to participate in focus group.
       Idea is that a group "gathers" to be editors, submitters, etc.
       Dee is about to launch ID Trust area. - a place to interact
       w non-members. Carol Geyer is main overall coordinator.
       Address concerns about consolidation of info related to subject
       on xml.org web site:


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]