xacml message


Subject: Minutes for 20 May 2010 TC Meeting

Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Agenda/Minutes for 20 May 2010 TC Meeting:

13:00 - 13:05 Roll Call & Approve Minutes:

Voting Members

Erik Rissanen  	Axiomatics AB
Gareth Richards EMC Corporation
Bill Parducci 	Individual
Roy D'Souza 	Microsoft Corporation
Naomaru Itoi 	NextLabs, Inc.
Rich Levinson 	Oracle Corporation
Hal Lockhart 	Oracle Corporation
David Staggs 	Veterans Health Administration


Jan Herrmann 	Individual

    we have quorum

Approve Minutes:
  6 May 2010 TC Meeting

    hal: any objection to unanimous approval?
	approved no objection

  IPC Profile  - CD 02 uploaded by John Tolbert

XACML v3 Status
  XACML CD 30 day Public Review Announced:

  eXtensible Access Control Markup Language (XACML) Version 3.0
  SAML 2.0 Profile of XACML Version 2.0
  XACML v3.0 Multiple Decision Profile Version 1.0
  XACML v3.0 Hierarchical Resource Profile Version 1.0
  XACML Intellectual Property Control (IPC) Profile Version 1.0

	public review ends June 6, 2010

	note: originally there was some distinction separating
	the schedule for the IPC Profile, but that no longer exists


  Key References - repost by Paul

    Hal: attributes w unique values - 
	as far as policy language - amf addresses some of these issues;
	is against a class of attrs handled in special way; was done
	in 2.0 which seemed to be a mistake; prefers the language to
	unambiguously deal w attrs;

	but req/rsp correlation and using 1 attr value to find other
	attr values - seems to imply an inherent assumption in xacml -
	in context of multi decision, hal asserts when initial request
	is made it is expected that there be sufficient info in the
	values of the multi-request to allow distinguishing one
	request from another. ex 2 identical subjects; on one resource
	is effectively the same request. assert that would get the
	same answer - has implications for possible correlation of
	the responses to the requests.

    Erik: in old discussion concluded that could always add in a
	distinguishing attr to identify.

    Hal: initial set of attr values in req-ctx; pip may provide
	additional attrs that are filled in; believes there is
	an assumption that obtaining those additional attrs is
	based on info already in the context; 

    Rich: a request could come in w just resource and subject and
	the policy could require an action and call out to context
	handler to get action from a pip.

    Hal: Paul is not in attendance today, so this discussion is
	just background for when he is present to further
	explain the "key" requirements. 

  Ontology Discussion
    (see minutes from last meeting)

    Rich: reviewed it and seems like a good description.

    Hal: what about the issue 2 on the list?

    Rich: on the id of elements in rdf, rich agrees w hal and does not
	see the issue on distinguishing subjects, resources, and
	actions by URI alone, since by simply associating the
	desired URIs w the subject-id, resource-id, and action-id,
	as values of those respective attributes, that as far as
	the xacml policy is concerned, the task has been accomplished.

    Rich: in summary, the wiki refers to an abstract "Common Logic" and
	presumably the RDF vocabulary etc can be represented in terms
	of common logic and then reinterpreted within xacml policies
	as needed as a dialect of that common logic in xacml. Then the
	RDF world would simply need to funnel its az requests thru
	a common logic mapper to produce xacml requests.

    Hal: any other business?

     No other business.

	Next meeting June 3, same time, phone#.
