OASIS Mailing List Archives

xacml message



Subject: Minutes for 24 March 2011 TC Meeting


Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 24 March 2011 TC Meeting:

I. Roll Call & Approve Minutes:

Voting
Erik Rissanen
Abbie Barbir
Paul Tyson
Doron Grinstein
Sridhar Muppidi
Gregory Neven
Franz-Stefan Preiss
Bill Parducci
Anthony Nadalin
Rich Levinson
Hal Lockhart
John Tolbert
David Staggs

Non-voting
Kenneth Peeples
Duane DeCouteau
Remon Sinnema


 10 March 2011 TC Meeting Minutes (Updated): 
 http://lists.oasis-open.org/archives/xacml/201103/msg00015.html

    hal: no objections heard; approved


II. Administrivia
 F2F Planning Update
  http://lists.oasis-open.org/archives/xacml/201103/msg00006.html

    hal: f2f action on chairs to look for proposals


 OASIS XACML Webinar: is there interest to develop?
  http://lists.oasis-open.org/archives/xacml/201103/msg00034.html

   bill: talked to Dee: Erik, Doron, Hal volunteer to work on it.


 Conformance Tests: bitkoo xacml 3.0 tests available for examination:
  http://lists.oasis-open.org/archives/xacml/201103/msg00008.html

   hal: good job by bitkoo; encourage people to check it out


 ITU-T Files of Interest: (any update on reviewing? - see minutes above)
  http://lists.oasis-open.org/archives/xacml/201103/msg00001.html

   abbie: actively working on it, actual submission in next few days;
	apr 11-20 group 17 mtg; next update will be after that.


III. Issues 

 New (from Hal): Specifying a specific associated Resource in a Policy
   (Sticky Policies): 
  hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html

    hal: suggest we collect errata;
    erik: thinks it's bad idea
    rich: thinks it should be parallel track
    erik: volunteers to collect errata then decide what to do next
    hal: reqd to produce errata against oasis std
          format not specified, just show how published std will
	  be changed. suggests format of chg line #s ... to ...
    hal: point is to collect chgs and agree with chgs then later
	  decide what, if anything, should be done to specs.


 New (from xacml-comment): Specification of extended indeterminate in
   combining algorithms is incomplete:
  erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html

    hal: erik to look at w errata


 New (from Franz-Stefan): Erratum concerning the 'Expression
   Substitution Group':
  franz-stefan: http://lists.oasis-open.org/archives/xacml/201103/msg00036.html

    hal: erik to look at for errata

 New (from Greg): Obligations problem: sec 7.16 may confuse "effect","result"
  greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html

    hal: erik to look at for errata


 Attribute Assertions in XACML request: 
  greg has posted proposed profile:
    http://lists.oasis-open.org/archives/xacml/201103/msg00035.html
  comments on posting:
    http://lists.oasis-open.org/archives/xacml/201103/msg00040.html
  original (Paul from november 2010): 
    http://lists.oasis-open.org/archives/xacml/201010/msg00012.html

    hal: greg to describe proposal

    greg: doc has generic introduction; instead of letting saml carry
	 values only, can also carry a predicate that could be handled
	 by the pdp

	 sec 3 would be chg to saml profile

	 sec 4 explains how such assertions could be embedded in
	  a xacml pdp

	 comments: from doron: who does work? pep or ch? greg: if
	  ch sees responses passing then ch could do it just as well
	  from franz-stefan: restrictions on how many queries user
	  can be making at given time; fishing: systematic queries
	  to collect underlying constraints
	hal: was presented to saml on tue; some pushback on applies
	 stuff; possibly profiles saml<->xacml should ref each other
	 and cooperate; xspa has done 3 profiles in 3 tcs;
	greg: own group has raised some issues in red balloons on
	 some of the pages;
	paul: has same concerns raised earlier; whole business of
	 translating between boolean vs real comparison on an attr;
	doron: didn't analyze in detail; similar to what they do in
	 long run; when you have attr responder: what values are
	 transmitted to responder;
	hal: process of obtaining from a provider a predicate;
	greg: query will contain predicate to be certified;
	doron: has done before in 2003: tell pip go get attr
	 from various sources; throw attr of user over fence to
	 provider that returns the boolean; inputs are any num
	 of attrs, from req;
	 pep calls svc w some attr; pdp then tells ch - go get more
	 attrs, then send attrs to predicate responder and return
	 a boolean rsp that pdp makes decision on.

	greg: in doron's scenario: predicate is fixed in some kind
	 of service; greg's proposal is for any predicate: is doron's
	 for specific predicate?
	doron: can give any predicate, but can also add more attrs;
	 user is 123, dept is xyz, is he over 21? pred calcs t/f
	greg: not aware is it doc'd anywhere
	doron: filed a patent; can set up a demo;
	hal: didn't quite follow:
 	doron: define pred; attrs about principal;
	 predicate resolver;
	hal: part of saml based on this is attr query, no guarantee
	 about what will be returned; make a query w a bunch of attrs
	 and predicates;
	rich: thinks there is lot of stuff out there: saml profiles,
	 doron's stuff, other products, federation, papers have published
	 various things on collecting attrs, preparing predicates, and
	 producing results;
	greg: point of profile is do basically that;
	hal: concern about mention of patent - need to review oasis ipr
	 policies before introducing any patented technology
	greg: p6, gives example
	hal: missing attrs, attr finders, david's paper, interesting topic
	 wrt to obtaining attrs independent of notion of "predicates"
	doron: predicate is just another attr for pep go get; do we want
	 to represent expression in policy; might be able to communicate
	 policy to responder
	hal: in general can flatten anything out to a scalar;
	rich: one or more scalars;
	paul: xacml loosely coupled: common vocabulary that all participants
	 are aware of; introducing local attrs - policy writer can't
	 in terms of well known attrs; that alone introduces complexity
	hal: xacml doesn't define your attrs, names, etc. need that
	 knowledge
	paul: in any domain you will have that set of attrs; can do
	 varied analysis and be sure what you are doing; doron's notion
	 extends ch to not just deal w attrs, but throws over wall;
	doron: example: can ask a weather service if it is raining; don't
	 need to know the internals of the impl
	paul: pdp evaluates w full knowledge of attrs involved; can
	 eval wrt attrs of unknown origin;
	hal: black box; ask what humidity is: why do you need to know
	 the impl in the black box.
	doron: need to support both black and white box; call for credit
	 score - don't know how they do it, just need the score; in other
	 cases need to send attrs to control evaluation of credit score;
	greg: how does ch know which attr to query?
	doron: for each attr have info and expression, policy identifier,
	 etc. dynamic data provider; boolean is ultimate response
	greg: sounds similar to locally meaningful attr-id's

	rich: have reached end of meeting time 2:00

	hal: to be continued; greg is updating proposal?

	greg: will work w what tc wants to do;

	hal: ask tc-admin for template, then can post to our archive;

	rich: was same doc submitted to both xacml,saml?
	
	greg: yes

	david s: incits: producing next gen access ctl, can put some
	 text in for xacml in cs1; need to be member of cs1: us body
	 for iso?

	hal: next mtg in 2 weeks; progress pts on list as much as possible.



 BTG Profile (Break The Glass):
  several recent comments (only listed most recent from each named member):
   david-c: http://lists.oasis-open.org/archives/xacml/201103/msg00014.html
   mike:    http://lists.oasis-open.org/archives/xacml/201103/msg00021.html
   erik:    http://lists.oasis-open.org/archives/xacml/201103/msg00024.html
   doron:   http://lists.oasis-open.org/archives/xacml/201103/msg00027.html
   martin:  http://lists.oasis-open.org/archives/xacml/201103/msg00028.html
   bill:    http://lists.oasis-open.org/archives/xacml/201103/msg00029.html
   paul:    http://lists.oasis-open.org/archives/xacml/201103/msg00030.html
   david-s: http://lists.oasis-open.org/archives/xacml/201103/msg00032.html
   rich:    http://lists.oasis-open.org/archives/xacml/201103/msg00033.html
  original (David C): 
   http://lists.oasis-open.org/archives/xacml/201011/msg00017.html
 
 PIP directive (additional information directives)
  original (David): http://lists.oasis-open.org/archives/xacml/201010/msg00005.html




