Subject: Minutes 10 February TC Meeting

I. Roll Call
 Voting Members
   Hal Lockhart (Chair)
   Bill Parducci (Co-Chair, minutes)
   Erik Rissanen
   Paul Tyson
   Doron Grinstein
   Gareth Richards
   Remon Sinnema
   Rich Levinson
   John Tolbert
   David Staggs

  Abbie Barbir
  Mike Davis
  Anthony Nadalin
  Gregory Neven*
  David Chadwick*
  Franz-Stefan Preiss*

 *Voting Member as of next meeting

Quorum met: (100% per Kavi)

I. Roll Call & Approve Minutes:
  27 January 2011 TC Meeting (Updated):
  APPROVED unanimously

II. Administrivia
 NIST IDTrust Symposium Call for Poster Announced

  The TC is looking for a volunteer to work on a WSDL for V2, V3. 

  Doron volunteered BitKoo to host location (Los Angeles). Rich
  suggested hosting on East Coast since last F2F was in San Francisco.
  Erik suggested something that coincides with Catalyst in San Diego
  (July). Coordinating with timing of the ID-Trust meeting (Washington
  DC) in April was suggested as well as Toronto.

III. Issues
 BTG Profile (Break The Glass):
  David Chadwick reviewed the document posted to the list. Paul voiced
  concern over attempting to standardize this scenario based upon the 
  PDP's knowing of how BTG is applicable. Rich requested a diagrammatic
  representation be presented to the list that works through the BTG
  process. David offered to post one from his paper, noting that the
  attribute would not be visible. Erik noted that the Profile should
  more clearly specify the Policy determines who is allowed to Break
  the Glass. 

  Mike Davis offered that Break the Glass has special significance to
  the health industry and that this proposal is addressing an issue
  that is larger than this. John Tolbert concurred, suggesting that
  this may be more appropriately referred to as Risk Adaptive Access

 Attribute Assertions in XACML request
  Gregory reviewed the current status of the discussion. Paul offered
  that the two use cases being discussed are the same problem. Gregory 
  responded that the Attribute matching is unique. Paul argued that
  this would still require something to manage the Attributes. Gregory
  said the full predicate would be passed to the IDP and it would return the
  predicate as "certified". 

  Paul offered that "passing a chunk of a Policy" to the IDP breaks
  the "single decision point". Hal asked how this is different than the
  SAML query of, "give me the guy's age if he is over 25".

  Hal suggested that we explore the "explicit" flavor of this issue to
  wring out the core problems/structure. Further discussion will
  continue on the list.

Meeting adjourned.
