OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes TC Meeting 17 January 2008

Minutes of XACML TC Meeting 17 January 2008

1  Roll Call
   Hal Lockhart (Co-chair)
   Bill Parducci (Co-chair, minutes)
   Erik Rissanen
   Rich Levinson
   Anil Saldhana
   Seth Proctor
   David Staggs

  Quorum achieved (66% per Kavi)

2  Administrivia
  Minutes approved from 20 December 2007 (updated)

  Hal reviewed the Oasis wiki access control policy - requires TC
  Membership to write, world readable.

  Erik posted a number of updates to the list before the first of the
  year to conform with Oasis documentation policy/formatting.

3 Issues

  Context node of an attribute selector
  Eric raised concerns for using Attribute selectors for accessing
  regular attributes. Seth noted that this mechanism is use today.
  There is some ambiguity on how this is implemented. Seth will review
  the explicit text in the v2 specification and discuss on the list.
  After a brief discussion there was general consensus for Eric to
  formally proposal new wording to the list to address this.

  #87 Xpath-expression
  The use of Xpointer in the v2 specification is ambiguously applied
  to the v2 spec. Xpointer is used in the v2 specification non-normative
  examples, but it it not mentioned anywhere in the normative text. Eric
  thinks it was believed to be an error, and that Xpointer has never
  officially been part of XACML.  Therefore, Rich and Erik suggest that
  the Xpointer reference should be removed in v3. There was general
  consensus that the Xpointer references be dropped.

  Eric noted that some sections of Obligations proposal are not
  developed yet because it was not clear support that there would be
  support for the idea (e.g. response schema missing). In the proposal
  Obligations would be optional extension of existing 2.0 capabilities.
  Hal opined that better handling and more options are in this proposal.
  Basic mechanism proposed is for PDP to collect all Obligations
  associated with a decision and only return those associated with
  the result.

  Erik offered to develop an updated, more complete version of the

  In the existing v2 implementations two PDPs could return different
  Obligations if using combining rules that don't process optional
  things the same. There are ways to get around it to ensure all engines
  return same set; Policy design and combining algorithms can force
  consistency but at expense of performance.

meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]