Subject: Proposed Agenda for 23 September 2010 TC Meeting
Proposed Agenda for 23 September 2010 TC Meeting: Time: 13:00 EDT Tel: 513-241-0892 Access Code: 65998 13:00 - 13:05 Roll Call & Approve Minutes: Roll Call: Approve Minutes: 9 Sep 2010 TC Meeting: http://lists.oasis-open.org/archives/xacml/201009/msg00003.html 13:05-13:10 Administrivia: BrightTALK Authentication Summit Oct 7th "opportunity to showcase the XACML Standard with a webinar" speaker (vendor-neutral) opportunity - see email for more info: http://lists.oasis-open.org/archives/xacml/201009/msg00008.html Identity Management 2010: update - Keynote Info Worldwide Identity Solutions for Online Security, Privacy and Trust 27-28 September, Washington, DC USA http://events.oasis-open.org/home/IDM/2010 see recent emails (also see prev mtg minutes): http://lists.oasis-open.org/archives/xacml/201009/msg00007.html 13:10-14:00 XACML v3 Status: Next steps: Next steps: All 8 specs are CS, we were going to check that TC-Admin did the necessary updates. To move to OASIS Specification need 3 members to confirm they are using specs New Issues: Jan,Paul: "using the xacml obligation mechanism for service request or response rewrite" http://lists.oasis-open.org/archives/xacml/201009/msg00004.html http://lists.oasis-open.org/archives/xacml/201009/msg00005.html http://lists.oasis-open.org/archives/xacml/201009/msg00006.html Old Issues - new issue (last time) from Jan: obligations satisfied by PEP? Is there a reason why the core spec recommends/?constrains implementations that obligations have to be fulfilled in the pep and not in the ctx handler. http://lists.oasis-open.org/archives/xacml/201009/msg00002.html left as waiting for more reqts - A paper about extending XACML to specify quantified risk adaptive access control http://lists.oasis-open.org/archives/xacml/201008/msg00008.html (was some discussion last mtg - any further actions? ) - User is asking why: "'3.1 Nodes in an XML document' requiring that not only should one include a resource-id of type xpath-expression for the node that is the resource for the access decision but also its parent and all ancestors. Why is this required by the spec? Why is it necessary." This should already be addressed in 3.0 hier profile; should we consider updating the 2.0 hier profile w errata? Rich took action to look into current status of implementers guide and consider updating w relevant info on hier.