Subject: Minutes 28 August 2008 TC Meeting
Meeting minutes: "->" => action item

Meeting held: 28-Aug-08
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998

10:00 - 10:05 Roll Call & Minutes Approval

Voting Members
  Erik Rissanen     Axiomatics AB
  Rich Levinson     Oracle Corporation
  Hal Lockhart      Oracle Corporation
  Seth Proctor      Sun Microsystems
  Duane DeCouteau   Veterans Health Administration
  David Staggs      Veterans Health Administration

Members
  Brett Burley      Veterans Health Administration

Anil Saldhana of Red Hat is on Leave of Absence.

Vote on Minutes from 14 August TC Meeting
http://lists.oasis-open.org/archives/xacml/200808/msg00009.html
minutes approved

10:05 - 10:10 Administrivia

Special Rates for the Security Forum Expire 29 August
http://lists.oasis-open.org/archives/xacml/200808/msg00010.html

HERAS-AF is their acronym - add to list on tc home page
Florian is from that group.
-> Hal sent Rich info to post (tbd)

10:05 - 11:00 Issues

Optimizing <Target> evaluation
http://lists.oasis-open.org/archives/xacml/200808/msg00000.html
Accept Erik's proposal; will apply to 3.0 but not 2.0
-> Give it issue #, couple others, too: Hal to do.

XSPA profile of XACML v2.0 for Healthcare
http://lists.oasis-open.org/archives/xacml/200808/msg00008.html
Looking for comments from TC
Multiple PEP's, PDP's to make more realistic
Hal: enforcement arch at RSA Interop was deliberate simplification
Hal: concern about bus logic in appl;
Erik: not sure about showing HL7 in requests; thinks resource should be described in terms of things intrinsic to resource.
Dave: permissions are result of engineering process; determine permission analysis of who does the work - health providers, clinicians, etc. HL7 has been carefully prepared for this
Erik: different way of representing same policies.
Rich: HL7 is representative of vertical; HL7 is specific way to implicitly have policy metadata in the "appl" space, it is pretty clearly detailed in the interop doc - basically the HL7 permissions come in as resource attrs; more of a "policy attachment" to resource model; possibly one could envision a core policy store distributing attachments out; definitely different in concept than "typical" xacml, but able to be used by xacml nonetheless.
Hal: could be best worked out as "here's another way to do the same thing"
Dave: add text about not creating "legacy trap"; there will always be appl-specific attrs; don't want infrastructure to have to know every detailed permission.

External Input

A slew of comments related to the specification were submitted recently. They may be found on the XACML Comment list:
http://lists.oasis-open.org/archives/xacml-comment/200808/maillist.html

Hal: we will need to get the comments in the errata; Roland Illig's comments are errata on function name; need issue for it.
Erik: wd doesn't have date in it
Hal: issue: Why are defns for all, any so complicated? Is language expressing well-defined? Capture as an issue, as well as (from 8/6 email Roland capture as issue)
Hal: next one appears to be typos, but there is also a little tool for scripting.
Hal: msg from Oleg: says reported before: resource-id, target-namespace.
Hal: msg from Roland: re: profile web svcs spec: subsume symbol defns as one issue:
Hal: string defn (Roland); also Oleg follow-up - make sure coding is not impl-specific - issue
Hal: use of word "MAY" - errata - issue - not a choice about whether to evaluate policyset; also follow up emails
Hal: issue missing attrs
Hal: whitespace - examples, content of whitespace
Erik: do you care about white space
Hal: wording and appendix in a.3; he has better wording? add issue; Erik thinks may be bigger issue as well.
Hal: add issue on ieee 754
Hal: wording on arith fcns: issue
Hal: a3.4 - improved wording: issue
Hal: defn of "access control": look at - simple errata
Hal: doc layout - 1 issue - bunch of "nits"
Erik: 5 more issues
Hal: schema email; picking one or other eliminates class of problems: schema fragments should have lower precedent than fragments; Erik - easy to make mistake in either
Hal: section 7.5 match eval: issue
Hal: "work continues" - errata - look at;
Erik: circular item might be important
Hal: set functions in user-def data types; do we want people able to create new datatypes: Erik - should define own "set" fcn - clarification in doc needed
Erik: may be non-issue just clarify to Roland.
Hal: defn of rule combining- issue
Hal: other issue on Haskell? it is because prev tc member thought Haskell was "way to go", turned out not.

Next call Sep 11.