OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes TC Meeting 17 January 2008 - REVISED

Minutes of XACML TC Meeting 17 January 2008

1  Roll Call
   Hal Lockhart (Co-chair)
   Bill Parducci (Co-chair, minutes)
   Erik Rissanen
   Rich Levinson
   Anil Saldhana
   Seth Proctor
   David Staggs
| Anil Tappetla

Quorum achieved (66% per Kavi)

2  Administrivia
Minutes approved from 20 December 2007 (updated)

Hal reviewed the Oasis wiki access control policy - requires TC
Membership to write, world readable.

Erik posted a number of updates to the list before the first of the
year to conform with Oasis documentation policy/formatting.

3 Issues

Context node of an attribute selector
Eric raised concerns for using Attribute selectors for accessing
regular attributes. Seth noted that this mechanism is use today.
There is some ambiguity on how this is implemented. Seth will review
the explicit text in the v2 specification and discuss on the list.
After a brief discussion there was general consensus for Eric to
formally proposal new wording to the list to address this.

#87 Xpath-expression
The use of Xpointer in the v2 specification is ambiguously applied
to the v2 spec. Xpointer is used in the v2 specification non-normative
examples, but it it not mentioned anywhere in the normative text. Eric
thinks it was believed to be an error, and that Xpointer has never
officially been part of XACML.  Therefore, Rich and Erik suggest that
the Xpointer reference should be removed in v3. There was general
consensus that the Xpointer references be dropped.

Eric noted that some sections of Obligations proposal are not
developed yet because it was not clear support that there would be
support for the idea (e.g. response schema missing). In the proposal
Obligations would be optional extension of existing 2.0 capabilities.
Hal opined that better handling and more options are in this proposal.
Basic mechanism proposed is for PDP to collect all Obligations
associated with a decision and only return those associated with
the result.

Erik offered to develop an updated, more complete version of the

In the existing v2 implementations two PDPs could return different
Obligations if using combining rules that don't process optional
things the same. There are ways to get around it to ensure all engines
return same set; Policy design and combining algorithms can force
consistency but at expense of performance.

meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]