Subject: Minutes for 8 April 2010 TC Meeting:
Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 8 April 2010 TC Meeting:

10:00 - 10:05 Roll Call & Approve Minutes:

 VOTING
  Erik Rissanen
  Paul Tyson
  Gareth Richards
  Sridhar Muppidi
  Bill Parducci
  Anthony Nadalin
  Duane DeCouteau
  David Staggs
  Naomaru Itoi
  Rich Levinson
  Hal Lockhart
  Dilli Arumugam
  John Tolbert

 NON-VOTING
  Roy D'Souza
  Gerry Gebel

 GUEST
  Steve Hanna   Juniper Networks   Guest
  Mike Davis   Veterans Administration

 Approve Minutes:
  25 March 2010 TC Meeting
  http://lists.oasis-open.org/archives/xacml/201003/msg00017.html
   approved the minutes, no objection

Administrivia

 OASIS Announcement: Privacy Management Ref Model Webinar:
  http://lists.oasis-open.org/archives/xacml/201003/msg00028.html
   mentioned

 Guest presentation by Steve Hanna on IF-Map and XACML:
  http://lists.oasis-open.org/archives/xacml/201003/msg00011.html

V3 Status:

 Hal: designated cross-refs: need to comply w oasis process if doc having version numbers are subject to change. Can do that by taking docs back to wd, w/o pub rev, take all votes again. Instead can designate at beginning that certain refs are "designated cross-refs" - can't go to its voted state until refs reach final state. Mary said need to have expected approval date. email from Erik has all des x-ref info; for John's only ref is to core of 3.0.
  http://lists.oasis-open.org/archives/xacml/201001/msg00039.html

 Rich: suggests that the cross-refs should be self-identified, by the URIs.

 Hal: the URIs would be ok, but the official title, date may not be accurate.

 Erik: how does "doing later" work it out, because then docs are back to wdxx.

 Hal: there is exception for "schemas".
 Erik: proposes that we do the designated x-refs

 General discussion: pick expected approval date for the 8 specs (plus John's spec - assuming he g

 example: For Export Control we are requesting committee specification ballot, and the document will contain a designated x-ref as defined in TC Process section 2.19 (which may delay the date the spec reaches approved status) and the name, version (ex. 3.0) and revision number (ex cd-02) and expected approval status is OASIS Standard, with expected approval date, Dec 31, 2010.

 John moves the above motion:
 Hal: any objections? no objections.

 John moves above motion for Intellectual Property for 2nd public review of 15 days.
 Hal: any objections? no objections.

 Hal: now we have the 8 documents:

 Hal: change log?
  http://lists.oasis-open.org/archives/xacml/201001/msg00050.html

 Erik:
  For pub rev:
   Core
   Hier
   Mult
   Saml
  Not for pub rev (don't need to do anything now, just have to certify they haven't changed since last pub rev).
   Admn no subst chgs
   DSig no subst chgs
   Priv no subst chgs
   Rbac no subst chgs

 Hal: will follow the same template for public review, except for 30 days for the 4 docs: core, hier, mult, saml. They have designated x-refs, may be delayed, planned state is OASIS Standard, expected approval date is Dec 31, 2010.

 Erik makes above motion:
 Hal: any objections to unanimous approval? no objections, approval accepted.
 Latest upload: 8 separate documents:
  Admin: http://lists.oasis-open.org/archives/xacml/201003/msg00018.html
  Core: http://lists.oasis-open.org/archives/xacml/201003/msg00019.html
  Dsig: http://lists.oasis-open.org/archives/xacml/201003/msg00020.html
  Hier: http://lists.oasis-open.org/archives/xacml/201003/msg00021.html
  Mult: http://lists.oasis-open.org/archives/xacml/201003/msg00022.html
  Priv: http://lists.oasis-open.org/archives/xacml/201003/msg00023.html
  Rbac: http://lists.oasis-open.org/archives/xacml/201003/msg00024.html
  Saml: http://lists.oasis-open.org/archives/xacml/201003/msg00025.html

 IPC Profile uploaded (questions on baseline and format):
  http://lists.oasis-open.org/archives/xacml/201003/msg00014.html

 ODF Profile uploaded:
  http://www.oasis-open.org/committees/document.php?document_id=36728&wg_abbrev=office

Proposed ontologies discussion item from Dave Staggs:

 Discuss what work we can do on using ontologies for XACML-based authorization decisions. This may be considered to continue the ongoing discussion with most recent segment at end of Mar 11 mtg minutes:
  http://lists.oasis-open.org/archives/xacml/201003/msg00009.html

 Dave: from emails, there are lots of good ideas, suggests we have a work item that focuses on a specific example profile, and look at profile for use by a certain ontology-specific area like health-care. Also interested is Jericho.

 Mike Davis: primary rep for VA, co-chair for security in HL7 which is a health care SDO. This discussion at xacml is also in discussion in HL7; have work items there to create ontologies, including one for security; was follow-up to work done in XSPA, which is XACML-related OASIS TC. Would be worth examining convergence of xacml and hl7 work.

 Hal: to clarify: is proposal to do a specific profile for health care which would also become a how-to in other domains.
 Mike: would expect xacml to do its own general model and that the healthcare would be instance of impl that could be demo'd, but in particular, not dependent on specific hl7 ontology, as that is also in the embryonic stage.

 Paul: ref'd wiki page on xacml that describes current state of xacml tc work on it; question: does what is there represent what Mike and Dave are looking to do?

 Mike: hl7 is a ref model, believe they would take info model and create conceptual relations between attributes, currently related in hierarchical fashion, includes notion of hierarchical roles. A role can allow orders to be made, and also to make specific orders like prescriptions. Patients can also prescribe restrictions against these hierarchical privileges that are granted. Envision at runtime, particular permission in hier structure, table could be looked up in sensible order so that permits and denies can be efficiently oriented.

 Paul: there was proposal in users list in Jan; Paul proposed a soln; nothing prevents how req ctx gets built.

 Hal: hour is just about up. Suggests a subgroup of interested parties; please use mail list; if need separate call, let's look at it starting next month;
  1. create what it means to define ontology
  2. define what it means for xacml to support an ontology - hand off to ctx hndlr, handoff to supplementary engine, etc.

 Paul: need principles how to approach: xacml is pretty flexible and would want to capitalize as far as possible.

 Hal: any objections to pursuing this work item? no objections.

 Dave: will try to have pres by mtg after next.

 Hal: any late arrivals? none.