Subject: Re: [xacml] Minutes: XACML TC Conf Call 2/28/08
1) The wiki on Obligations I referred to during the meeting is:
http://wiki.oasis-open.org/xacml/ProposalForObligations
I was interested in knowing whether my comments on the wiki were considered by Bill/Erik.

2) Correction in the name of a panelist at IDTrust08:
Sunil Madhu (Cisco/Securent): Chief Architect of their Policy Business Unit.

Rich Levinson wrote:
> Time: 10:00 am EDT
> Tel: 512-225-3050 Access Code: 65998
>
> Proposed Agenda:
>
> 10:00 - 10:10 Roll Call & Minutes
> Minutes 14 February 2008
> http://lists.oasis-open.org/archives/xacml/200802/msg00003.html
> minutes approved
>
> Status on interOp, promotion
> Most of the activity of late has been directed at the interOp
> http://lists.oasis-open.org/archives/xacml/200802/msg00013.html
>
> Administrivia
> Site, References updated to reflect new XACML implementation
> http://lists.oasis-open.org/archives/xacml/200802/msg00004.html
> http://lists.oasis-open.org/archives/xacml/200802/msg00010.html
>
> Call for Proposals - eID and Citizen-centric Administration
> http://lists.oasis-open.org/archives/xacml/200802/msg00005.html
>
> Last Call for IDtrust 2008
> http://lists.oasis-open.org/archives/xacml/200802/msg00020.html
>
> 5 people giving panel, telling people about rsa interop
>
> Hal, Anil S., Tony, Bill, Anil Madhu(Cisco/Securent)
> Andreas Sjooholm
>
> link sent to xacml list, click on prg go to
>
> 10:10 - 11:00 Issues
> Proposal for Context Note Change re: xPath
> http://lists.oasis-open.org/archives/xacml/200802/msg00006.html
>
> Erik: optimizations difficult because xpath can point
> anywhere. Can't do partial evaluations.
>
> Hal: should go ahead w it
>
> Erik: no known open issues
>
> Content node will be the default xpath
> xpath cannot climb out of this root, but possible to get around it.
> pdp might optimize query if you don't do it in particular way.
> recommend making private copy of request if want to get out.
>
> v3 "Practicalities"
> http://lists.oasis-open.org/archives/xacml/200802/msg00007.html
>
> Erik: duplicate combiners element, jaxb
> Hal: probably a typo/ upper line probably in by mistake
> Erik: remove the first one.
>
> 2nd issue:
>
> Hal: xml schema defaults are becoming controversial: inconsistent
> and can cause sigs to break, etc.
>
> Anil. S. 3.0 only, Erik: no chgs to 2.0
>
> Anil: versions?
> Erik: versions of Policy not schema
>
> Erik: effect of mandatory is to write them out, but that
> is not really a default it is just a hard defn
> in 3.0 only Version and MustBePresent are impacted.
> Hal: recommendation is to go ahead, make attrs mandatory
>
> Updated Obligations Proposal
> http://lists.oasis-open.org/archives/xacml/200802/msg00008.html
> http://lists.oasis-open.org/archives/xacml/200802/msg00015.html
> http://lists.oasis-open.org/archives/xacml/200802/msg00018.html
>
> Bill and Erik had recommendations:
> Erik: 2 things:
> 1. defined request format, part of families is defining metadata
> 2. defined timing attr proposed by David Chadwick
>
> define what obligations before/after access
>
> if after: make sure service has been delivered before billing
> authority: side effects of access visible to obl before it is
> enforced.
>
> David O is asking for authorities that interact with each other.
>
> Hal: what database info is visible at given point
> Erik: atomicity is about success, wouldn't apply obl if access
> is unsuccessful.
>
> Bill: original intent of obls, timing of access and when obl
> carried out may be different, can't really bound it.
>
> need a "tried long enough" moment, so introduce ttl
>
> Hal: obl that are carried out in future: ex destroy data in 30 d.
> maybe don't want to "start" for 30 d, or it's an upper bound
>
> Bill: billing situation, if x allowed, expect y
>
> Hal: issue where boundary of obl semantics really ends - beyond xacml
>
> purpose: do better job "combining" obls, not to build out new
> functionality.
>
> Anil Saldhana: had proposal on obl on wiki: will send email
> to point people there.
>
> Updated Administration Schema
> http://lists.oasis-open.org/archives/xacml/200802/msg00014.html
>
> updated 2 sections out of date
>
> Hal: how general does it have to be - just cover access subject?
> Erik: potential for loops
> Hal: put resource limits on policy evaluations; hard to
> detect a loop.
>
> Erik: different categories, maybe when you come thru loop
> 2nd time you are doing something different.
> Hal: would be nice to have some valid use cases.
>
> Erik: 2 more sections:
> removing policies: made non-normative suggestion
> and issues around mgmt of removals
> added conformance section: reduction of functionality
> not couple 2 unrelated things.
>
> PDP Meta Schema Proposal
> http://lists.oasis-open.org/archives/xacml/200802/msg00016.html
> http://lists.oasis-open.org/archives/xacml/200802/msg00017.html
>
> Erik: proposal: schema; pdp can declare what fcns it supports,
> it's extensible; ex for Obligations family can publish what
> families pdp implements.
> Hal: what about administrative attributes (metadata)
>
> Hal: is there default Rule combining reqd?
> Erik: ex schema has combining algorithm
>
> Hal: reduction of admin policies that enable non-root,
> are attrs of admin those current or those at time
> policy was created. Typically attr updates are historically
> lost as to when/why.
>
> Hal: good start on schema, looking for more suggestions.
>
> Hal: what about publishing optional capabilities
> Erik: it does.
> Bill: say what obl families supported