[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Minutes of XACML TC mtg: 3-Jul-08
Yes, I believe we had 7 of a possible 8.
Thanks,
Rich
Erik Rissanen wrote:
> Was the attendance enough to meet quorum? (I'm just asking so I know
> that I can go ahead and update things according to the decisions made.)
>
> Best regards,
> Erik
>
> Rich.Levinson wrote:
>> Minutes of XACML TC mtg: 3-Jul-08:
>>
>> Time: 10:00 am EDT
>> Tel: 512-225-3050 Access Code: 65998
>>
>> Attendance:
>>
>> Voting Members
>>
>> Erik Rissanen Axiomatics AB
>> Anthony Nadalin IBM
>> Rich Levinson Oracle Corporation
>> Hal Lockhart Oracle Corporation
>> Anil Saldhana Red Hat
>> Seth Proctor Sun Microsystems
>> David Staggs Veterans Health Administration
>>
>> Members
>>
>> Duane DeCouteau Veterans Health Administration
>>
>> OASIS Staff
>>
>> Dee Schur OASIS
>>
>> Note:
>>
>> Next call in 2 weeks Jul 19. Hal will probably not be able to
>> chair. Hopefully, Bill can handle.
>>
>> Agenda: ("Minutes" after each agenda item)
>>
>> 10:00 - 10:05 Roll Call & Minutes Approval
>> Vote on Minutes from 19 June TC Meeting
>> http://lists.oasis-open.org/archives/xacml/200806/msg00043.html
>>
>> Minutes approved.
>>
>> 10:05 - 10:10 Administrivia
>>
>> XACML Interop Update (London: Oct 2008)
>> http://lists.oasis-open.org/archives/xacml/200806/msg00038.html
>>
>> Dee: go to forum page: xacml listed Wed PM.
>> Cost is $500/participant company (we get to be in main
>> castle room)
>> Need commitments
>> Erik in
>> Tony - depends, for now, we're
>> Anil (red hat) in
>> David (VA) not present
>> Rich - probably not in
>> Dee says Sampo is probably in
>>
>> Duane will participate in mtgs and fill in details
>>
>>
>> SVN Status - Waiting for word from Jamie
>>
>> Legal issues on source control, still waiting
>> for details
>> Std boiler plate - issue by Deviant people if they
>> can use pieces of schemas etc.
>>
>> OGF document released for public comment: "Use of XACML
>> RequestContext..."
>> http://lists.oasis-open.org/archives/xacml/200806/msg00049.html
>>
>> Robin Cover distributed - geo space people want to stdize
>> around req/rsp protocol
>>
>> A dynamic revocation model for XACML
>> http://lists.oasis-open.org/archives/xacml/200807/msg00000.html
>>
>> Attributes of delegate when issued policy, if interested
>> read paper - whether current admin can revoke policies
>> created by previous admin.
>> Relies on attributes saved and signatures and is "somewhat
>> heavy to implement"
>>
>> 10:10 - 11:00 Issues
>> Issues #71 and #76 (multi-categories)
>> http://lists.oasis-open.org/archives/xacml/200806/msg00041.html
>>
>> Supporting multiple intermediaries, codebases. Hal now
>> agrees w Erik, don't want to add new functionality
>> for this.
>>
>> WS-XACML Review
>> http://lists.oasis-open.org/archives/xacml/200806/msg00029.html
>>
>> Hal: potentially a solution to reqt how do you know
>> what attr should be provided to PDP. Vocab could
>> be gleaned from policies, create an xml document
>> and say that is vocabulary, etc.
>>
>> Erik: think it's fine, raises reasonable things, if there
>> is a demand from users should consider moving it forward.
>> Hal: if going to req from pdp, what attr to provide.
>>
>> Erik: also contains privacy policy, how enforced.
>>
>> Hal: philosophy same as obligations
>>
>> Erik: Anne sent ref to paper that describes protocol
>> setting to enforce - is concerned whether possible to
>> enforce at all.
>>
>> Hal: privacy work was with some academic people, but can
>> also be used for other purposes than privacy. As much
>> as possible leveraging machinery that already exists
>> access to pdp engines that already contain parsing
>>
>> Erik: xpath concern in there, WS-Policy dropped ignorable.
>> Anne had restriction on xpath that there would always
>> be unique - does not think it is sufficient, because can
>> use different namespaces to get around.
>>
>> Hal: still hopeful Daniel can get back in.
>>
>> Passing parameters to the attribute designator
>> http://lists.oasis-open.org/archives/xacml/200806/msg00042.html
>>
>> From Anil Tappetla: Erik been considering, understands
>> need for parameters, but no sure policy is right place
>> for it. Any semantics? Need to provide a use case to
>> better understand the issue.
>> Hal: maybe part of vocabulary, what is syntax of attrs
>> that policy can be found and how do you find them.
>> Erik: without more info would be inclined to say no.
>>
>> Security considerations for the access-permitted function
>> http://lists.oasis-open.org/archives/xacml/200806/msg00044.html
>>
>> Erik: in general fcn may not terminate. Limit on depth
>> is a problem. Propose a limit either in std or impl
>> based in metadata.
>>
>> Hal: this might be useful in metadata.
>>
>> Hal: attacker could send poison policy to mess up system.
>>
>> Issue 88, general xpath functions again
>> http://lists.oasis-open.org/archives/xacml/200806/msg00045.html
>>
>> Either general library or specific subset. xpath contains
>> data types that do not fit xacml in any way.
>> Craig/Erik: propose we make up specific fcns and refer to
>> xpath and not plug into full xpath.
>> Hal: purpose is manipulating request context.
>> Erik: this is our identifier and the functions does same
>> thing as the xpath spec.
>> Erik: we defined general import, but not a good idea, then
>> imported subset and found problems there. Now suggesting
>> we just have identifiers that have limited interpretation
>> but are equivalent to selected xpath specifics
>>
>> Issue 89, Adding a description element
>> http://lists.oasis-open.org/archives/xacml/200806/msg00047.html
>>
>> Either add to expression type or to apply. If you add to
>> apply will be more generally pervasive.
>>
>> A problem in the multiple resource profile
>> http://lists.oasis-open.org/archives/xacml/200806/msg00048.html
>>
>> Erik: in the policy can specify xpath version. Mult res prof
>> req does not have similar identification of version.
>> Add an element for 3.0
>>
>> The duration data types
>> http://lists.oasis-open.org/archives/xacml/200807/msg00001.html
>>
>> Looks like oversight. However, if we add it then some of
>> fcns there become redundant.
>> Hal: intro new ones and give warning redundant will be
>> removed in future. Sometimes convenient to keep around.
>> Erik: adding date/time and year/month not the same.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail. You may a link to this group and all your TCs
>> in OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]