OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 8 April 2010 TC Meeting:

Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 8 April 2010 TC Meeting:

10:00 - 10:05 Roll Call & Approve Minutes:

Erik Rissanen
Paul Tyson
Gareth Richards
Sridhar Muppidi
Bill Parducci
Anthony Nadalin
Duane DeCouteau
David Staggs
Naomaru Itoi
Rich Levinson
Hal Lockhart
Dilli Arumugam
John Tolbert

Roy D'Souza
Gerry Gebel

Steve Hanna	Juniper Networks	Guest
Mike Davis	Veterans Administration

Approve Minutes:
 25 March 2010 TC Meeting

   approved the minutes, no objection


  OASIS Announcement: Privacy Management Ref Model Webinar:


  Guest presentation by Steve Hanna on IF-Map and XACML:

  V3 Status:

  Hal: designated cross-refs: need to comply w oasis process if 
    doc having version numbers are subject to change. Can do that
    by taking docs back to wd, w/o pub rev, take all votes again.
    Instead can designate at beginning that certain refs are
    "designated cross-refs" - can't go to its voted state until
    refs reach final state.

    Mary said need to have expected approval date.

    email from Erik has all des x-ref info; for John's only ref
    is to core of 3.0.

    Rich: suggests that the cross-refs should be self-identified,
     by the URIs. 

    Hal: the URIs would be ok, but the official title, date may
     not be accurate.

    Erik: how does "doing later" work it out, because then docs
     are back to wdxx.

    Hal: there is exception for "schemas".

    Erik: proposes that we do the designated x-refs

    General discussion: pick expected approval date for the 8 specs
     (plus John's spec - assuming he g


    For Export Control we are requesting committee specification ballot, and the
     document will contain a designated x-ref as defined in TC Process
     section 2.19 (which may delay the date the spec reaches approved status)
     and the name, version (ex. 3.0) and revision number (ex cd-02) and
     expected approval status is OASIS Standard, with expected approval
     date, Dec 31, 2010.

   John moves the above motion:
   Hal: any objections?
    no objections.

   John moves above motion for Intellectual Property for 2nd public review of 15 days.
   Hal: any objections?
    no objections.

   Hal: now we have the 8 documents:
   Hal: change log?


    For pub rev:

    Not for pub rev (don't need to do anything now, just have
     to certify they haven't changed since last pub rev.
      Admn no subst chgs
      DSig no subst chgs
      Priv no subst chgs
      Rbac no subst chgs

   Hal: will follow the same template for public review, except
    for 30 days for the 4 docs: core, hier, mult, saml. THey have
    designated x-refs, may be delayed, planned state is OASIS
    Standard, expected approval date is Dec 31, 2010.

   Erik makes above motion:
   Hal: any objections to unanimous approval?
    no objections, approval accepted.

   Latest upload: 8 separate documents:

  IPC Profile uploaded (questions on baseline and format):

  ODF Profile uploaded:

 Proposed ontologies discussion item from Dave Staggs:
   Discuss what work we can do on using ontologies for XACML-based    authorization decisions. This may be considered to continue the
   ongoing discussion with most recent segment at end of Mar 11 mtg

  Dave: from emails, there are lots of good ideas, suggests we have a work
   item that focuses on a specific example profile, and look at profile 
   for use by a certain ontology-specific area like health-care. Also
   interested is Jericho.

  Mike Davis: primary rep for VA, co-chair for security in HL7 which
   is a health care SDO.
   This discussion at xacml is also in discussion in HL7; have work items
   there to create ontologies, including one for security; was follow-up
   to work done in XSPA, which is XACML-related OASIS TC. 
   Would be worth examining convergence of xacml and hl7 work.

  Hal: to clarify: is proposal to do a specific profile for health care
   which would also become a how-to in other domains.

  Mike: would expect xacml to do its own general model and that the healthcare
   would be instance of impl that could be demo'd, but in particular, not
   dependent on specific hl7 ontology, as that is also in the embryonic

  Paul: ref'd wiki page on xacml that describes current state of xacml tc
   work on it; question: does what is there represent what Mike and Dave
   are looking to do?

  Mike: hl7 is a ref model, believe they would take info model and create
   conceptual relations between attributes, currently related in hierarchical
   fashion, includes notion of hierarchical roles. A role can allow orders to
   be made, and also to make specific orders like prescriptions.
   Patients can also prescribe restrictions against these hierarchical
   privileges that are granted.
   Envision at runtime, particular permission in hier structure, table could
   be looked up in sensible order so that permits and denies can be 
   efficiently oriented.
  Paul: there was proposal in users list in Jan; Paul proposed a soln; 
   nothing prevents how req ctx gets built.

  Hal: hour is just about up. Suggests a subgroup of interested parties;
   please use mail list; if need separate call, let's look at it starting
   next month;
   1. create what it means to define ontology
   2. define what it means for xacml to support an ontology - hand off to
    ctx hndlr, handoff to supplementary engine, etc.

  Paul: need principles how to approach: xacml is pretty flexible and would
   want to capitalize as far as possible.

  Hal: any objections to pursuing this work item?
   no objections.

  Dave: will try to have pres by mtg after next.

  Hal: any late arrivals?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]