[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes TC Meeting 17 January 2008
Minutes of XACML TC Meeting 17 January 2008 1 Roll Call Attendees Hal Lockhart (Co-chair) Bill Parducci (Co-chair, minutes) Erik Rissanen Rich Levinson Anil Saldhana Seth Proctor David Staggs Quorum achieved (66% per Kavi) 2 Administrivia Minutes approved from 20 December 2007 (updated) Hal reviewed the Oasis wiki access control policy - requires TC Membership to write, world readable. Erik posted a number of updates to the list before the first of the year to conform with Oasis documentation policy/formatting. 3 Issues Context node of an attribute selector Eric raised concerns for using Attribute selectors for accessing regular attributes. Seth noted that this mechanism is use today. There is some ambiguity on how this is implemented. Seth will review the explicit text in the v2 specification and discuss on the list. After a brief discussion there was general consensus for Eric to formally proposal new wording to the list to address this. #87 Xpath-expression The use of Xpointer in the v2 specification is ambiguously applied to the v2 spec. Xpointer is used in the v2 specification non-normative examples, but it it not mentioned anywhere in the normative text. Eric thinks it was believed to be an error, and that Xpointer has never officially been part of XACML. Therefore, Rich and Erik suggest that the Xpointer reference should be removed in v3. There was general consensus that the Xpointer references be dropped. Obligations Eric noted that some sections of Obligations proposal are not developed yet because it was not clear support that there would be support for the idea (e.g. response schema missing). In the proposal Obligations would be optional extension of existing 2.0 capabilities. Hal opined that better handling and more options are in this proposal. Basic mechanism proposed is for PDP to collect all Obligations associated with a decision and only return those associated with the result. Erik offered to develop an updated, more complete version of the proposal. In the existing v2 implementations two PDPs could return different Obligations if using combining rules that don't process optional things the same. There are ways to get around it to ensure all engines return same set; Policy design and combining algorithms can force consistency but at expense of performance. meeting adjourned.