[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Submissions of XACML updates to ITU: questions
Summary: We must pass on some estimates to ITU about likely availability of XACML v3 and related/profile material. See the questions (a), (b) & (c) below. As you know, XACML v2 was submitted to and approved by ITU-T in 2006 as ITU Recommendation X.1142. (See http://www.oasis-open.org/apps/org/workgroup/xacml/email/archives/200605/msg00003.html) I believe this included all elements then part of the 2005 OASIS Standard, e.g., the then-current RBAC, SAML, XML D-Sig and privacy policy profiles. ITU-T's Study Group 17 on Security, the host panel for the 2006 submission who now has reorganized for next multi-year study period, formally has asked us to submit relevant updates of XACML, for similar transposition. OASIS' Liaison Policy (http://www.oasis-open.org/committees/liaison_policy.php#submitwork) suggests that we consult with the TC about this. As you probably know, generally we send only artifacts approved under the TC Process at the "OASIS Standard" and "Approved Errata" levels up to the global de-jure SSOs. Currently, I am aware of a number of XACML items which may be the basis for a submission to ITU, but none of which have yet reached that approval level: 1. January 2008 set of v2 errata that apparently were not submitted as official "Approved Errata" under our rules 2. Ongoing work on XACML v3 core (current draft Apr 2009, see http://lists.oasis-open.org/archives/tc-announce/200905/msg00006.html) 3. Ongoing work on XACML v2 for Healthcare (current draft Aug 2009) 4. Additional v3 profiles underway including export compliance (in public review now) , OpenDocument, IP control (in public review now), web services and PDP metadata. In responding to ITU, we would like to: (a) explain whether the 2008 v2.0 errata are at a level that ought to be sent to ITU, or why not; (b) offer a nonbinding estimate date for the OASIS standard submission of XACML v3.0; and (c) offer a comment on the likelihood of profiles and ancillary material being available, rolled up and inserted as part of such a submission. Giving the ITU panel a reasonable view into our plans and timing, based on the TC's expected progress, is a necessary part of our interorganizational collaboration. It's to be expected that the ITU authorities wish their versions also to be kept current with our work. When and if we make a formal submission, it can be done at the request of the TC, under Section 1(d) of our Liaison Policy, by a Special Majority Vote of the TC. Alternatively, if we have committed to ITU to send future major versions (as often is requested, and I believe we did in the 2006 submission), Section 5(b) of the Liaison Policy also permits the OASIS executive to direct the submission, subject to appeal. For now, though, our need is to compose an answer to the three questions (a), (b) and (c) above, with the help of the TC's experts. Feedback is welcome and requested, on this list or individually. Thanks for your attention and happy holidays. ~ James Bryce Clark ~ General Counsel, OASIS ~ http://www.oasis-open.org/who/staff.php#clark
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]