Subject: Re: [xacml] Minutes of XACML TC mtg: 3-Jul-08
Yes, I believe we had 7 of a possible 8.

Thanks,
Rich

Erik Rissanen wrote:
> Was the attendance enough to meet quorum? (I'm just asking so I know
> that I can go ahead and update things according to the decisions made.)
>
> Best regards,
> Erik
>
> Rich.Levinson wrote:
>> Minutes of XACML TC mtg: 3-Jul-08:
>>
>> Time: 10:00 am EDT
>> Tel: 512-225-3050 Access Code: 65998
>>
>> Attendance:
>>
>> Voting Members
>>
>>   Erik Rissanen     Axiomatics AB
>>   Anthony Nadalin   IBM
>>   Rich Levinson     Oracle Corporation
>>   Hal Lockhart      Oracle Corporation
>>   Anil Saldhana     Red Hat
>>   Seth Proctor      Sun Microsystems
>>   David Staggs      Veterans Health Administration
>>
>> Members
>>
>>   Duane DeCouteau   Veterans Health Administration
>>
>> OASIS Staff
>>
>>   Dee Schur         OASIS
>>
>> Note:
>>
>>   Next call in 2 weeks Jul 19. Hal will probably not be able to
>>   chair. Hopefully, Bill can handle.
>>
>> Agenda: ("Minutes" after each agenda item)
>>
>> 10:00 - 10:05 Roll Call & Minutes Approval
>>   Vote on Minutes from 19 June TC Meeting
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00043.html
>>
>>     Minutes approved.
>>
>> 10:05 - 10:10 Administrivia
>>
>>   XACML Interop Update (London: Oct 2008)
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00038.html
>>
>>     Dee: go to forum page: xacml listed Wed PM.
>>     Cost is $500/participant company (we get to be in main
>>     castle room)
>>     Need commitments
>>       Erik in
>>       Tony - depends, for now, we're
>>       Anil (red hat) in
>>       David (VA) not present
>>       Rich - probably not in
>>       Dee says Sampo is probably in
>>
>>     Duane will participate in mtgs and fill in details
>>
>>
>>   SVN Status - Waiting for word from Jamie
>>
>>     Legal issues on source control, still waiting
>>     for details
>>     Std boiler plate - issue by Deviant people if they
>>     can use pieces of schemas etc.
>>
>>   OGF document released for public comment: "Use of XACML
>>   RequestContext..."
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00049.html
>>
>>     Robin Cover distributed - geo space people want to stdize
>>     around req/rsp protocol
>>
>>   A dynamic revocation model for XACML
>>   http://lists.oasis-open.org/archives/xacml/200807/msg00000.html
>>
>>     Attributes of delegate when issued policy, if interested
>>     read paper - whether current admin can revoke policies
>>     created by previous admin.
>>     Relies on attributes saved and signatures and is "somewhat
>>     heavy to implement"
>>
>> 10:10 - 11:00 Issues
>>   Issues #71 and #76 (multi-categories)
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00041.html
>>
>>     Supporting multiple intermediaries, codebases. Hal now
>>     agrees w Erik, don't want to add new functionality
>>     for this.
>>
>>   WS-XACML Review
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00029.html
>>
>>     Hal: potentially a solution to reqt how do you know
>>     what attr should be provided to PDP. Vocab could
>>     be gleaned from policies, create an xml document
>>     and say that is vocabulary, etc.
>>
>>     Erik: think it's fine, raises reasonable things, if there
>>     is a demand from users should consider moving it forward.
>>     Hal: if going to req from pdp, what attr to provide.
>>
>>     Erik: also contains privacy policy, how enforced.
>>
>>     Hal: philosophy same as obligations
>>
>>     Erik: Anne sent ref to paper that describes protocol
>>     setting to enforce - is concerned whether possible to
>>     enforce at all.
>>
>>     Hal: privacy work was with some academic people, but can
>>     also be used for other purposes than privacy. As much
>>     as possible leveraging machinery that already exists
>>     access to pdp engines that already contain parsing
>>
>>     Erik: xpath concern in there, WS-Policy dropped ignorable.
>>     Anne had restriction on xpath that there would always
>>     be unique - does not think it is sufficient, because can
>>     use different namespaces to get around.
>>
>>     Hal: still hopeful Daniel can get back in.
>>
>>   Passing parameters to the attribute designator
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00042.html
>>
>>     From Anil Tappetla: Erik been considering, understands
>>     need for parameters, but not sure policy is right place
>>     for it. Any semantics? Need to provide a use case to
>>     better understand the issue.
>>     Hal: maybe part of vocabulary, what is syntax of attrs
>>     that policy can be found and how do you find them.
>>     Erik: without more info would be inclined to say no.
>>
>>   Security considerations for the access-permitted function
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00044.html
>>
>>     Erik: in general fcn may not terminate. Limit on depth
>>     is a problem. Propose a limit either in std or impl
>>     based in metadata.
>>
>>     Hal: this might be useful in metadata.
>>
>>     Hal: attacker could send poison policy to mess up system.
>>
>>   Issue 88, general xpath functions again
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00045.html
>>
>>     Either general library or specific subset. xpath contains
>>     data types that do not fit xacml in any way.
>>     Craig/Erik: propose we make up specific fcns and refer to
>>     xpath and not plug into full xpath.
>>     Hal: purpose is manipulating request context.
>>     Erik: this is our identifier and the functions does same
>>     thing as the xpath spec.
>>     Erik: we defined general import, but not a good idea, then
>>     imported subset and found problems there. Now suggesting
>>     we just have identifiers that have limited interpretation
>>     but are equivalent to selected xpath specifics
>>
>>   Issue 89, Adding a description element
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00047.html
>>
>>     Either add to expression type or to apply. If you add to
>>     apply will be more generally pervasive.
>>
>>   A problem in the multiple resource profile
>>   http://lists.oasis-open.org/archives/xacml/200806/msg00048.html
>>
>>     Erik: in the policy can specify xpath version. Mult res prof
>>     req does not have similar identification of version.
>>     Add an element for 3.0
>>
>>   The duration data types
>>   http://lists.oasis-open.org/archives/xacml/200807/msg00001.html
>>
>>     Looks like oversight. However, if we add it then some of
>>     fcns there become redundant.
>>     Hal: intro new ones and give warning redundant will be
>>     removed in future. Sometimes convenient to keep around.
>>     Erik: adding date/time and year/month not the same.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail. You may a link to this group and all your TCs
>> in OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php