OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes 16 April 2009 TC Meeting

Date: Thu, 16-Apr-09
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998

Minutes for 16 April 2009 TC Meeting

Proposed Agenda:

10:00 - 10:05 Roll Call & Approve Minutes

Erik Rissanen    Axiomatics AB       Group Member
Bill Parducci*   Individual          Group Member
Rich Levinson    Oracle Corporation  Group Member
Hal Lockhart     Oracle Corporation  Group Member
Anil Saldhana    Red Hat             Group Member
Seth Proctor     Sun Microsystems    Group Member
John Tolbert     The Boeing Company* Group Member
David Staggs     Veterans Health Administration  Group Member 

  Have quorum at start: 7/10

 - Minutes to approve: 9 April 2009 TC Meeting

  Approved, no objection

10:05 - 10:10 Administrivia

 - XACML v3.0 Specification Status

    The following specifications are targeted for Committee Draft status
    at the next meeting as well as to be marked for Public Review. This
    meeting will be held in one week (April 16) at the same time and

    * Core Specfication
    * Hierarchical Resource Profile
    * SAML Profile
    * Administration and Delegation Profile
    * Digital Signature Profile
    * Multiple Resource Profile
    * Privacy Policy Profile
    * Core and hierarchical role based access control (RBAC) Profile

  Have final core and 7 profile specifications

  Motion to move docs to CD:
  Bill moves
  Erik seconds

  Any objections to CD: none
  Vote carries

  Motion to public review:
  Erik moves
  John seconds

  Any objections to public review: none
  Vote carries

  Need doc, html, pdf
  (if editable form not html, then need all 3 (incl editable)

  Need list of individual links to docs:

  Don't know until in repos what the link is.
 -> Hal: will get clarification from Mary

    Hal: Norm Walsh confirmed our use of xml:id

    Hal: we will send docs to Mary for formal formatting check.

    Hal: public review will auto-go to security in OASIS,
	plus IETF, W3C, WS/I, ITUT, maybe NIST, OGC (geo-spatial),
	maybe HL7 (healthcare), Concordia, TSCP (John will provide email).

    Hal: new profile draft on export control

10:10 - 11:00 Issues

 - XACML Export Control -US profile draft

  John: worked on w Paul Tyson, Bell Helicopter, export controls,
    need to define std attrs for international: nationality,
    control numbers from DOC, USML (munitions list, ITAR)

    std attrs for making export control decisions.

 - Public comments submitted for the XSPA profile of XACML

    Finished public review
    Comments received above link

    David: RSA was important to getting public input

     Review xspa issues:
      1	Are gateways included? ACS is gateway.
      2	Diagnostic integers model: info holder does not relinquish
	 control of any info - issue w pre-fetch - diagnostic images
	 are too large

   Hal: responsibility to respond to people who made request,
     but possibly clarify doc to help people understand if the
     comment indicated party did not understand doc.

      3	Request context: how requests are mapped:
	 Hal: this one borrowed mechanism from SAML, may not need
	  to adjust doc but direct to underlying spec.
      4	Demo'd at HIMSS; do SAML, XACML, then they jump into how
	  to do policies - here is how to identify patients; attr
	  is provided, but up to individuals to identify mechanism
      5	Issue w text extracted from saml/xacml profile: basically
	  said we don't return req in rsp.
	 Hal: optional to return; David will incl note
      6 RSA 2008: defining attrs used for Dr Bob, created dissenting-
	  subject-id - name of person being blocked. Would better
	  describe dissenting-subject-id
	 Erik: says he did original suggestion for dissenting
 	 David: masking plus additional info; can be better explained
	 Hal: be careful; if user-id is different format, then may
	  miss that person is supposed to be blocked.
	 David: issue of NTI: should be number assoc w everyone
      6	Default normal confidentiality code: normal is default; could
	  add text to make clearer.
      7	Mary working late - file name overwrites saml - will fix
      8 Links: incl Hal's response; if doc external provide link
	 David will check.
      9 John M: comments in saml will affect xacml: Duane agreed, need to
	  do some harmonization: Duane will provide email w details.
     10	John M: made broad stmt; David: this is interop profile w defined
	  attrs; expect those attrs give scope required for this work.

  Hal: how did HIMSS conf interop go:
   David: we were in future directions portion: demo'd infrastructure of
    a hospital. NHIE will be infrastructure for attrs shipping around and
    have opt-out model; they were very interested in xacml manner of doing
    this; they want the more detailed decision model; Will be taking code
    from HIMSS, make publ avail; will have tool to hook into nationwide
    health info exchange network. NHIN used between health info xchg's;
    will put on set top box; hook system to box, which will plug in.
  Hal: will mention at RSA next week: David will send slide w relevant info.
   Hal: this will be part of new things happening w saml.

- Meeting schedule:

    Hal: we've had an intense period, go back to every other week.
	skip Apr 23 meeting
	next meeting: May 7, then 2 week schedule

  Meeting adjourned: 10:53 AM EDT

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]