Subject: Minutes 26 February 2009 TC meeting
--------------------------------------------------------------------------------
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998

Proposed Agenda for 26-Feb-09 TC Meeting:

10:00 - 10:05 Roll Call

  Voting Members
    Erik Rissanen    Axiomatics AB
    Bill Parducci    Individual
    Rich Levinson    Oracle Corporation
    Hal Lockhart     Oracle Corporation
    Anil Saldhana    Red Hat
    John Tolbert     The Boeing Company

  Members
    Anthony Nadalin  IBM

  We have quorum

10:05 - 10:15 Administrivia

  Approve Minutes
    19 February 2009 TC Meeting Minutes
    http://lists.oasis-open.org/archives/xacml/200902/msg00039.html
      accepted, no objection

  Meeting schedule:
    will continue to meet weekly thru the end of March, then revisit

  RSA Conference: April:
    Hal planning to give "advanced talk"
    no more info

10:15 - 11:00 Issues

 [Documents posted]

  Proposed rev: Hierarchical Resource Profile
   uploaded by Rich (2/23): (re: issue below)
    http://lists.oasis-open.org/archives/xacml/200902/msg00056.html
      discuss below

  XACML 3.0 Core WD08
   uploaded by Erik (2/5): (reminder, for review)
    http://lists.oasis-open.org/archives/xacml/200902/msg00003.html
      reminder to people: review

 [New Issues]

  Comment on combining algorithms in Core WD07
   Erik reply fix is made (is it in wd8 or next?)
    http://lists.oasis-open.org/archives/xacml/200902/msg00054.html
      Erik: planned for WD09

  Hierarchical profile
   Rich raised need for addressing a severe issue, based on results
   of in-depth discussions last week in addition to Jan discussions:
    http://lists.oasis-open.org/archives/xacml/200902/msg00055.html
   also provided proposed changes to spec to address issues:
    http://lists.oasis-open.org/archives/xacml/200902/msg00056.html
   STATUS: OPEN

      Rich: explained the proposal

      discussion: mostly on following topics:
       - differences in ancestor collection and how done in both
         schemes: DAG and forest
       - conceptualization of forest, which is disjoint, having
         "intersections" - the concept in the proposal is that the
         resources themselves should be viewed as an unstructured
         collection, which has org applied to it in the form of
         hierarchies. In the forest scheme, Hal suggested each
         defined hierarchy has a different distinguishing color, so
         one can see that a particular resource might have multiple
         lines crossing it, one for each hierarchy of which it is a
         member. The same conceptualization applies to DAG as well,
         except does not show spreading of DAG hierarchies to include
         automatic members that are children of parents from the
         original hierarchy where the children were not in that
         hierarchy the parent belonged to, but are now because they
         are the child of that parent from a different hierarchy that
         they both did originally belong to.

      ACTION: Rich: provide an easy example in separate email;
              other TC members: review proposal

 [carryover from previous meetings]

  Open Issues in SAML Profile
   any status changes on actions (see minutes):

    1. Disallow inheritance semantics from request data;
       Suggested proposed text in this email:
        http://lists.oasis-open.org/archives/xacml/200902/msg00013.html

    2. Required methods to obtain policies from refs: none or some?
       Generally: what to do about "missing policies"

    Hal indicated would provide a proposal on ws-fed attr type stuff

      Comments indicated all ok and rev in progress.

  Multiple Request Proposal
   Erik proposal to add MultiRequest element to core schema:
    http://lists.oasis-open.org/archives/xacml/200902/msg00014.html
   STATUS: OPEN
    still was question on xml:id;
    where do we stand overall on what's next here?

      Hal: using xml:id now, in 2009, is way to go.
           5 yrs ago, the canonicalization did not work correctly
           but now it does;
           people now using exclusive canonicalization;
           no reason not to use it.
      Hal: do not need to declare xml:id
      Erik: tried it, but there was problem
      Hal: possibly parser used is not supporting xml:id
      Erik: xsd specification is how you use xml: namespace
      Rich: sig pkgs use id without schema validation
      Hal: need to declare the ids
      Erik: "note D2" of xml:id spec is the "issue"
      Hal: drop note to Norm Walsh of Sun, one of spec's authors

      spec is - "xml:id Version 1.0": w3c tr recommendation
       http://www.w3.org/TR/xml-id/
      this note points to "Minimally conforming schema processor",
      which sounds like ability to handle xml:id w/o other schema
      validation, also it says
       "Note that the effects of a Minimally Conforming Schema
        Processor, processing the above schema, are approximated by
        simply looking for attributes named xml:id, ensuring the
        value of such attributes has the correct lexical form
        (NCName), and the value is unique within the document."

      ACTION: Erik to drop a note to Norm Walsh of Sun, one of
              spec's authors, based upon Hal's suggestion

  RBAC Profile
   no change: if proposal is delivered for Role Enablement Authority
   capabilities or example of best practices, we will evaluate.
   Note: profile already does provide specific URN to indicate an REA:
    "urn:oasis:names:tc:xacml:2.0:subject-category:role-enablement-authority"
   presumably an example would build on this foundation.
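
Added example, not part of the original minutes: a Python sketch of the check quoted in the xml:id discussion above (find attributes named xml:id, require NCName lexical form, require uniqueness within the document), done without schema validation. The sample document and its element names are constructed for illustration and are not the XACML schema; the NCName pattern is an assumption taken from the XML 1.0 Fifth Edition Name production with the colon removed.

```python
import re
import xml.etree.ElementTree as ET

# ElementTree exposes xml:id under the predeclared XML namespace.
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# NCName = XML Name without ':' (assumed: XML 1.0 Fifth Edition ranges).
_START = ("A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D"
          "\u037F-\u1FFF\u200C\u200D\u2070-\u218F\u2C00-\u2FEF"
          "\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\U00010000-\U000EFFFF")
_REST = _START + "\\-.0-9\u00B7\u0300-\u036F\u203F\u2040"
NCNAME = re.compile(f"[{_START}][{_REST}]*")

# Constructed sample: element names are hypothetical, not the XACML schema.
SAMPLE = """<Request>
  <Attributes xml:id="subject1"/>
  <Attributes xml:id="resource1"/>
  <Attributes xml:id="resource1"/>
  <Attributes xml:id="1bad"/>
  <Attributes xml:id="a:b"/>
</Request>"""


def check_xml_ids(xml_text):
    """Return (ids, errors): valid unique id -> element tag, and problems found."""
    root = ET.fromstring(xml_text)
    ids, errors = {}, []
    for elem in root.iter():          # document order
        raw = elem.get(XML_ID)
        if raw is None:
            continue
        # ID-type normalization: drop leading/trailing XML whitespace.
        value = raw.strip(" \t\r\n")
        if not NCNAME.fullmatch(value):
            errors.append(f"not an NCName: {raw!r} on <{elem.tag}>")
        elif value in ids:
            # A duplicate makes any reference by this id ambiguous.
            errors.append(f"duplicate xml:id {value!r} on <{elem.tag}>")
        else:
            ids[value] = elem.tag
    return ids, errors


if __name__ == "__main__":
    found, problems = check_xml_ids(SAMPLE)
    print(found)
    print("\n".join(problems))
```

A consumer that resolves references by id should reject the document when the error list is non-empty instead of picking the first match.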