[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 24 March 2011 TC Meeting
Time: 13:00 EDT Tel: 513-241-0892 Access Code: 65998 Minutes for 24 March 2011 TC Meeting: I. Roll Call & Approve Minutes: Voting Erik Rissanen Abbie Barbir Paul Tyson Doron Grinstein Sridhar Muppidi Gregory Neven Franz-Stefan Preiss Bill Parducci Anthony Nadalin Rich Levinson Hal Lockhart John Tolbert David Staggs Non-voting Kenneth Peeples Duane DeCouteau Remon Sinnema 10 March 2011 TC Meeting Minutes (Updated): http://lists.oasis-open.org/archives/xacml/201103/msg00015.html hal: no objections heard; approved II. Administrivia F2F Planning Update http://lists.oasis-open.org/archives/xacml/201103/msg00006.html hal: f2f action on chairs to look for proposals OASIS XACML Webinar: is there interest to develop? http://lists.oasis-open.org/archives/xacml/201103/msg00034.html bill: talked to Dee: Erik, Doron, Hal volunteer to work on it. Conformance Tests: bitkoo xacml 3.0 tests available for examination: http://lists.oasis-open.org/archives/xacml/201103/msg00008.html hal: good job by bitkoo; encourage people to check it out ITU-T Files of Interest: (any update on reviewing? - see minutes above) http://lists.oasis-open.org/archives/xacml/201103/msg00001.html abbie: actively working on it, actual submission in next few days; apr 11-20 group 17 mtg; next update will be after that. III. Issues New (from Hal): Specifying a specific associated Resource in a Policy (Sticky Policies): hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html hal: suggest we collect errata; erik: thinks its bad idea rich: thinks it should be parallel track erik: volunteers to collect errata then decide what to do next hal: reqd to produce errata against oasis std format not specified, just show how published std will be changed. suggests format of chg line #s ... to ... hal: point is to collect chgs and agree with chgs then later decide what, if anything, should be done to specs. New (from xacml-comment): Specification of extended indeterminate in combiningalgorithms is incomplete: erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html hal: erik to look at w errata New (from Franz-Stefan): Erratum concerning the 'Expression Substitution Group': franz-stefan: http://lists.oasis-open.org/archives/xacml/201103/msg00036.html hal: erik to look at for errata New (from Greg): Obligations problem: sec 7.16 may confuse "effect","result" greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html hal: erik to look at for errata Attribute Assertions in XACML request: greg has posted proposed profile: http://lists.oasis-open.org/archives/xacml/201103/msg00035.html comments on posting: http://lists.oasis-open.org/archives/xacml/201103/msg00040.html original (Paul from november 2010): http://lists.oasis-open.org/archives/xacml/201010/msg00012.html hal: greg to describe proposal greg: doc has generic introduction; instead of letting saml carry values only, can also carry a predicate that could be handled by the pdp sec 3 would be chg to saml profile sec 4 explains how such assertions could be embedded in a xacml pdp comments: from doron: who does work? pep or ch? greg: if ch sees responses passing then ch could do it just as well from franz-stefan: restrictions on how many queries user can be making at given time; fishing: systematic queries to collect underlying constraints hal: was presented to saml on tue; some pushback on applies stuff; possibly profiles saml<->xacml should ref each other and cooperate; xspa has done 3 profiles in 3 tcs; greg: own group has raised some issues in red balloons on some of the pages; paul: has same concerns raised earlier; whole business of translating between boolean vs real comparison on an attr; doron: didn't analyze in detail; similar to what they do in long run; when you have attr responder: what values are transmitted to responder; hal: process of obtaining from a provider a predicate; greg: query will contain predicate to be certified; doron: has done before in 2003: tell pip go get attr from various sources; throw attr of user over fence to provider that returns the boolean; inputs are any num of attrs, from req; pep calls svc w some attr; pdp then tells ch - go get more attrs, then send attrs to predicate responder and return a boolean rsp that pdp makes decision on. greg: in doron's scenario: predicate is fixed in some kind of service; greg's proposal is for any predicate: is doron's for specific predicate? doron: can give any predicate, but can also add more attrs; user is 123, dept is xyz, is he over 21? pred calcs t/f greg: not aware is it doc'd anywhere doron: filed a patent; can set up a demo; hal: didn't quite follow: doron: define pred; attrs about principal; predicate resolver; hal: part of saml based on this is attr query, no guarantee about what will be returned; make a query w a bunch of attrs and predicates; rich: thinks there is lot of stuff out there: saml profiles, doron's stuff, other products, federation, papers have published various things on collecting attrs, preparing predicates, and producing results; greg: point of profile is do basically that; hal: concern about mention of patent - need to review oasis ipr policies before introducing any patented technology greg: p6, gives example hal: missing attrs, attr finders, david's paper, interesting topic wrt to obtaining attrs independent of notion of "predicates" doron: predicate is just another attr for pep go get; do we want to represent expression in policy; might be able to communicate policy to responder hal: in general can flatten anything out to a scalar; rich: one or more scalars; paul: xacml loosely coupled: common vocabulary that all participants are aware of; introducing local attrs - policy writer can't in terms of well known attrs; that alone introduces complexity hal: xacml doesn't define your attrs, names, etc. need that knowledge paul: in any domain you will have that set of attrs; can do varied analysis and be sure what you are doing; doron's notion extends ch to not just deal w attrs, but throws over wall; doron: example: can ask a weather service if it is raining; don't need to know the internals of the impl paul: pdp evaluates w full knowledge of attrs involved; can eval wrt attrs of unknown origin; hal: black box; ask what humidity is: why do you need to know the impl in the black box. doron: need to support both black and white box; call for credit score - don't know how they do it, just need the score; in other cases need to send attrs to control evaluation of credit score; greg: how does ch know which attr to query? doron: for each attr have info and expression, policy identifier, etc. dynamic data provider; boolean is ultimate response greg: sounds similar to locally meaningful attr-id's rich: have reached end of meeting time 2:00 hal: to be continued; greg is updating proposal? greg: will work w what tc wants to do; hal: ask tc-admin for template, then can post to our archive; rich: was same doc submitted to both xacml,saml? greg: yes david s: incits: producing next gen access ctl, can put some text in for xacml in cs1; need to be member of cs1: us body for iso? hal: next mtg in 2 weeks; progress pts on list as much as possible. BTG Profile (Break The Glass): several recent comments (only listed most recent from each named member): david-c: http://lists.oasis-open.org/archives/xacml/201103/msg00014.html mike: http://lists.oasis-open.org/archives/xacml/201103/msg00021.html erik: http://lists.oasis-open.org/archives/xacml/201103/msg00024.html doron: http://lists.oasis-open.org/archives/xacml/201103/msg00027.html martin: http://lists.oasis-open.org/archives/xacml/201103/msg00028.html bill: http://lists.oasis-open.org/archives/xacml/201103/msg00029.html paul: http://lists.oasis-open.org/archives/xacml/201103/msg00030.html david-s: http://lists.oasis-open.org/archives/xacml/201103/msg00032.html rich: http://lists.oasis-open.org/archives/xacml/201103/msg00033.html original (David C): http://lists.oasis-open.org/archives/xacml/201011/msg00017.html PIP directive (additional information directives) original (David): http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]