Subject: Minutes 16 July 2009 TC Meeting

Proposed Agenda for 16 July 09 XACML TC Meeting:
  Time: 10:00 am EDT
  Tel: 512-225-3050 Access Code: 65998

   Note: GeoXACML Presentation Today: See Details Below

10:00 - 10:05 Roll Call & Approve Minutes
   2 July 2009 TC Meeting

Erik Rissanen
Paul Tyson
Bill Parducci
Rich Levinson
Hal Lockhart
Seth Proctor
David Staggs
Duane DeCouteau

Gareth Richards

Guest: Jan Herrmann 

	Have quorum

10:05 - 10:15 Administrivia

   Discuss Agenda: As normal, issues are below: unless there are items that
   need immediate attention, it is suggested that, aside from announcements,
   we delay issues until next time and proceed with the presentation.

   Concordia/Catalyst - Identity Workshop (July 27, San Diego)

   Concordia/Catalyst - July 27-31 (San Diego) - 
   Invite for informal get-together for TC members and others

   Open Document Format for Office Applications Document Controls Profile 
   (09-06-26-proposal00079) uploaded

   Export Control - U.S. (EC-US) 
   (xacml-3.0-ec-us-v1-spec-cd-01-en.doc) uploaded

   XSPA Profile of XACML v2.0 for Healthcare 
   (xacml-xspa-1 0-cd04.doc) uploaded
   TBD: TC authorize a vote to promote the Committee
    Draft with these edits to Committee Specification 

	Take vote for Mary to create a ballot
	 TC agrees chgs not substantive
	David moves chgs not substantive and that electronic
	Duane seconds
	No discussion
	Any objections to unanimous consent
	Erik: any refs that need updating
	Hal: no other docs refer to this, does this refer to others
	 amend to say we will adjust refs to point to updated refs
	 at time of release.
	Dave amends
	Duane seconds
	Any objections for ballot w amendment
	No objections
	It carries

10:15 - 11:00 Presentation
   (As indicated at last TC mtg/minutes, we have invited presenter.
    Slides are available from link below, and TC members are advised
    to review prior to presentation, so questions and comments 
    might be prepared in advance)

   Jan Herrmann (Chair: GeoXACML SWG) will present and discuss:
   Design Options for GeoXACML:
   Access Control for OGC Web Services with (Geo)XACML
   Updated presentation at:

	Jan introduces xacml
	slide  1 - Title/credits
	slide  2 - introduce to ways OWS data represented/ pre/post
	slide  3 - fine grain, content dependent, spatial, env-ctx-dep
	slide  4-7 - examples of rules
	slide  8 - pre process both req & rsp (i.e. ws rsp not pdp rsp)
	slide  9 - hi level arch req/rsp both go thru pep
	slide 10 - 2 approaches: attr-desig, attr-sel
	slide 11 - attr-des; destroys structure, atomic data
	slide 12 - ex shows attr-des probs, bldg objects ambiguities
			generate coarse grain objects; lose ref info			
	slide 13 - also can't use w/o intro of lots of URNs
	slide 14 - conclude attr desig not good enough
	slide 15 - propose attr selector, no URNs, 
		   	no attr instantiate in PEP
			conclude: need attr sel
			another doc link on portal
	slide 16-18 skipped; old web svc kvp encoding (not in new slides)
	slide 19 - how to write rules
	slide 20 - right side websvc response; need to apply rules
			on what can be shown to user
	slide 21 - xpath predicates; limited expressiveness for doing
			comparisons etc.; filter not possible
	slide 22 - mult/hier prof approach; pep gen global acdr, referring
		 	to resources; res-id pts to root; scope is all
			descendant nodes; pdp will derive ind requests;
			scope deleted, not needed; prelim

			slides in pres mode see ids changing
			if all rules ref feature members don't need to go
			down all tree branches

			reg expr refer to feature member nodes; can use attr

	slide 23 - summary of advantages: can use all xacml/geoxacml fcns;
			flexible use of pointers;
			performance; looks difficult but can be optimized
	slide 24 - xpath expr analysis
	slide 25 - xpath node match: same limits as attr-selector
	slide 26 - summary capabilities of options
	slide 27 - post processing limits
	slide 28 - pre-process limits; object type: building, props: owner,
			price, location; filter can't be used properly
	slide 29/26 - pep adds obligation; query rewrite to backend by pep
	slide 30/27 - advantages: avoid post processing issues; rewritten
			queries guarantee filter data not returned
			disadvantages; unexpected svc behavior
	slide 31/28 - wfs lang does not allow filters; need to do 2nd ac step
	slide 32/29 - both approaches have +,- depends on semantics of appl etc.
	slide 30 (new only) - recommendation; order of params, etc
			new "category" of attrs action/res combo?
			attr bags
	slide 31 (new only) - more recommendations - eng report is public
			and we can review. hard to write chg requests; would
			rewrite profiles completely; might be better to have
			a web svc profile containing these two; more general
			non-xml resources; so generic so many ways to read
			profiles; should limit generality
			if do geo profile; how to use underlying profiles

	Erik: re: new p 78,66 Jan: allows element nodes gone;
	Hal: we should discuss on list, possibly Jan can have another visit
		after we have processed the info further and/or address
		questions raised on list (TBD)
	Hal: meeting adjourned 11:20

10:15 - 11:00 Issues (propose to postpone discussion until next mtg)

   relax-ng grammar for xacml

   XSPA Profile of XACML v2.0 for Healthcare / Action Item from 2-Jul-09 
   (has updated attached spreadsheet)

   x.500 (new concerns on same issue from prev mtgs)

   Comments on: Open Document Format Office Appl Controls Profile 
