Subject: Minutes of XACML TC mtg: 3-Jul-08
Minutes of XACML TC mtg: 3-Jul-08:

Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998

Attendance:

Voting Members
  Erik Rissanen      Axiomatics AB
  Anthony Nadalin    IBM
  Rich Levinson      Oracle Corporation
  Hal Lockhart       Oracle Corporation
  Anil Saldhana      Red Hat
  Seth Proctor       Sun Microsystems
  David Staggs       Veterans Health Administration

Members
  Duane DeCouteau    Veterans Health Administration

OASIS Staff
  Dee Schur          OASIS

Note: Next call in 2 weeks Jul 19. Hal will probably not be able to chair. Hopefully, Bill can handle.

Agenda: ("Minutes" after each agenda item)

10:00 - 10:05 Roll Call & Minutes Approval

Vote on Minutes from 19 June TC Meeting
http://lists.oasis-open.org/archives/xacml/200806/msg00043.html

  Minutes approved.

10:05 - 10:10 Administrivia

XACML Interop Update (London: Oct 2008)
http://lists.oasis-open.org/archives/xacml/200806/msg00038.html

  Dee: go to forum page: xacml listed Wed PM. Cost is $500/participant company (we get to be in main castle room)
  Need commitments
    Erik in
    Tony - depends, for now, we're
    Anil (red hat) in
    David (VA) not present
    Rich - probably not in
    Dee says Sampo is probably in
    Duane will participate in mtgs and fill in details

SVN Status - Waiting for word from Jamie

  Legal issues on source control, still waiting for details
  Std boiler plate - issue by Deviant people if they can use pieces of schemas etc.

OGF document released for public comment: "Use of XACML RequestContext..."
http://lists.oasis-open.org/archives/xacml/200806/msg00049.html

  Robin Cover distributed - geo space people want to stdize around req/rsp protocol

A dynamic revocation model for XACML
http://lists.oasis-open.org/archives/xacml/200807/msg00000.html

  Attributes of delegate when issued policy, if interested read paper - whether current admin can revoke policies created by previous admin.
  Relies on attributes saved and signatures and is "somewhat heavy to implement"

10:10 - 11:00 Issues

Issues #71 and #76 (multi-categories)
http://lists.oasis-open.org/archives/xacml/200806/msg00041.html

  Supporting multiple intermediaries, codebases.
  Hal now agrees w Erik, don't want to add new functionality for this.

WS-XACML Review
http://lists.oasis-open.org/archives/xacml/200806/msg00029.html

  Hal: potentially a solution to reqt how do you know what attr should be provided to PDP. Vocab could be gleaned from policies, create an xml document and say that is vocabulary, etc.
  Erik: think it's fine, raises reasonable things, if there is a demand from users should consider moving it forward.
  Hal: if going to req from pdp, what attr to provide.
  Erik: also contains privacy policy, how enforced.
  Hal: philosophy same as obligations
  Erik: Anne sent ref to paper that describes protocol setting to enforce - is concerned whether possible to enforce at all.
  Hal: privacy work was with some academic people, but can also be used for other purposes than privacy. As much as possible leveraging machinery that already exists access to pdp engines that already contain parsing
  Erik: xpath concern in there, WS-Policy dropped ignorable. Anne had restriction on xpath that there would always be unique - does not think it is sufficient, because can use different namespaces to get around.
  Hal: still hopeful Daniel can get back in.

Passing parameters to the attribute designator
http://lists.oasis-open.org/archives/xacml/200806/msg00042.html

  From Anil Tappetla:
  Erik been considering, understands need for parameters, but not sure policy is right place for it. Any semantics? Need to provide a use case to better understand the issue.
  Hal: maybe part of vocabulary, what is syntax of attrs that policy can be found and how do you find them.
  Erik: without more info would be inclined to say no.

Security considerations for the access-permitted function
http://lists.oasis-open.org/archives/xacml/200806/msg00044.html

  Erik: in general fcn may not terminate. Limit on depth is a problem. Propose a limit either in std or impl based in metadata.
  Hal: this might be useful in metadata.
  Hal: attacker could send poison policy to mess up system.

Issue 88, general xpath functions again
http://lists.oasis-open.org/archives/xacml/200806/msg00045.html

  Either general library or specific subset. xpath contains data types that do not fit xacml in any way.
  Craig/Erik: propose we make up specific fcns and refer to xpath and not plug into full xpath.
  Hal: purpose is manipulating request context.
  Erik: this is our identifier and the functions does same thing as the xpath spec.
  Erik: we defined general import, but not a good idea, then imported subset and found problems there. Now suggesting we just have identifiers that have limited interpretation but are equivalent to selected xpath specifics

Issue 89, Adding a description element
http://lists.oasis-open.org/archives/xacml/200806/msg00047.html

  Either add to expression type or to apply. If you add to apply will be more generally pervasive.

A problem in the multiple resource profile
http://lists.oasis-open.org/archives/xacml/200806/msg00048.html

  Erik: in the policy can specify xpath version. Mult res prof req does not have similar identification of version. Add an element for 3.0

The duration data types
http://lists.oasis-open.org/archives/xacml/200807/msg00001.html

  Looks like oversight. However, if we add it then some of fcns there become redundant.
  Hal: intro new ones and give warning redundant will be removed in future. Sometimes convenient to keep around.
  Erik: adding date/time and year/month not the same.