OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Minutes for 24 March 2011 TC Meeting - UPDATED


Rich,

I just noticed that there is another error in the minutes. See inline.

Regards,
Erik

On 2011-03-25 14:24, Rich.Levinson wrote:
> Time: 13:00 EDT
> Tel: 513-241-0892 Access Code: 65998
>
> Minutes for 24 March 2011 TC Meeting - UPDATED:
>
> I. Roll Call & Approve Minutes:
>
> Voting
> Erik Rissanen
> Abbie Barbir
> Paul Tyson
> Doron Grinstein
> Sridhar Muppidi
> Gregory Neven
> Franz-Stefan Preiss
> Bill Parducci
> Anthony Nadalin
> Rich Levinson
> Hal Lockhart
> John Tolbert
> David Staggs
>
> Non-voting
> Kenneth Peeples
> Duane DeCouteau
> Remon Sinnema
>
>
> 10 March 2011 TC Meeting Minutes (Updated):
> http://lists.oasis-open.org/archives/xacml/201103/msg00015.html
>
>   hal: no objections heard; approved
>
>
> II. Administrivia
> F2F Planning Update
> http://lists.oasis-open.org/archives/xacml/201103/msg00006.html
>
>   hal: f2f action on chairs to look for proposals
>
>
> OASIS XACML Webinar: is there interest to develop?
> http://lists.oasis-open.org/archives/xacml/201103/msg00034.html
>
>  bill: talked to Dee: Erik, Doron, Hal volunteer to work on it.
>
>
> Conformance Tests: bitkoo xacml 3.0 tests available for examination:
> http://lists.oasis-open.org/archives/xacml/201103/msg00008.html
>
>  hal: good job by bitkoo; encourage people to check it out
>
>
> ITU-T Files of Interest: (any update on reviewing? - see minutes above)
> http://lists.oasis-open.org/archives/xacml/201103/msg00001.html
>
>  abbie: actively working on it, actual submission in next few days;
>    apr 11-20 group 17 mtg; next update will be after that.
>
>
> III. Issues
> New (from Hal): Specifying a specific associated Resource in a Policy
>  (Sticky Policies):
>  hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
>

The discussion below does not apply to sticky policies, rather to the 
errata issue just below.

>   hal: suggest we collect errata, which would involve dropping some
>     or all of the CS docs back to Working Draft and redo all the
>     votes and public review
>   erik: thinks its bad idea, and instead thinks that we should find a
>     way just to post the errata
>   rich: agrees, and thinks it should be parallel track, which would
>     leave the docs in CS state, allow them to progress to oasis
>     specs, and the errata can be collected independently, until
>     such time as we decide what to do w errata.
>   erik: volunteers to collect errata then decide what to do next
>   hal: reqd to produce errata against oasis std
>         format not specified, just show how published std will
>      be changed. suggests format of chg line #s ... to ...
>   hal: point is to collect chgs and agree with chgs then later
>      decide what, if anything, should be done to specs.
>
>
> New (from xacml-comment): Specification of extended indeterminate in
>  combiningalgorithms is incomplete:
> erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html
>
>   hal: erik to look at w errata
>
>
> New (from Franz-Stefan): Erratum concerning the 'Expression
>  Substitution Group':
> franz-stefan: 
> http://lists.oasis-open.org/archives/xacml/201103/msg00036.html
>
>   hal: erik to look at for errata
>
> New (from Greg): Obligations problem: sec 7.16 may confuse 
> "effect","result"
> greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html
>
>   hal: erik to look at for errata
>
>
> Attribute Assertions in XACML request:  greg has posted proposed profile:
>   http://lists.oasis-open.org/archives/xacml/201103/msg00035.html
> comments on posting:
>   http://lists.oasis-open.org/archives/xacml/201103/msg00040.html
> original (Paul from november 2010):
>   http://lists.oasis-open.org/archives/xacml/201010/msg00012.html
>
>   hal: greg to describe proposal
>
>   greg: doc has generic introduction; instead of letting saml carry
>     values only, can also carry a predicate that could be handled
>     by the pdp
>
>     sec 3 would be chg to saml profile
>
>     sec 4 explains how such assertions could be embedded in
>      a xacml pdp
>
>     comments: from doron: who does work? pep or ch? greg: if
>      ch sees responses passing then ch could do it just as well
>      from franz-stefan: restrictions on how many queries user
>      can be making at given time; fishing: systematic queries
>      to collect underlying constraints
>    hal: was presented to saml on tue; some pushback on applies
>     stuff; possibly profiles saml<->xacml should ref each other
>     and cooperate; xspa has done 3 profiles in 3 tcs;
>    greg: own group has raised some issues in red balloons on
>     some of the pages;
>    paul: has same concerns raised earlier; whole business of
>     translating between boolean vs real comparison on an attr;
>    doron: didn't analyze in detail; similar to what they do in
>     long run; when you have attr responder: what values are
>     transmitted to responder;
>    hal: process of obtaining from a provider a predicate;
>    greg: query will contain predicate to be certified;
>    doron: has done before in 2003: tell pip go get attr
>     from various sources; throw attr of user over fence to
>     provider that returns the boolean; inputs are any num
>     of attrs, from req;
>     pep calls svc w some attr; pdp then tells ch - go get more
>     attrs, then send attrs to predicate responder and return
>     a boolean rsp that pdp makes decision on.
>
>    greg: in doron's scenario: predicate is fixed in some kind
>     of service; greg's proposal is for any predicate: is doron's
>     for specific predicate?
>    doron: can give any predicate, but can also add more attrs;
>     user is 123, dept is xyz, is he over 21? pred calcs t/f
>    greg: not aware is it doc'd anywhere
>    doron: filed a patent; can set up a demo;
>    hal: didn't quite follow:
>    doron: define pred; attrs about principal;
>     predicate resolver;
>    hal: part of saml based on this is attr query, no guarantee
>     about what will be returned; make a query w a bunch of attrs
>     and predicates;
>    rich: thinks there is lot of stuff out there: saml profiles,
>     doron's stuff, other products, federation, papers have published
>     various things on collecting attrs, preparing predicates, and
>     producing results;
>    greg: point of profile is do basically that;
>    hal: concern about mention of patent - need to review oasis ipr
>     policies before introducing any patented technology
>    greg: p6, gives example
>    hal: missing attrs, attr finders, david's paper, interesting topic
>     wrt to obtaining attrs independent of notion of "predicates"
>    doron: predicate is just another attr for pep go get; do we want
>     to represent expression in policy; might be able to communicate
>     policy to responder
>    hal: in general can flatten anything out to a scalar;
>    rich: one or more scalars;
>    paul: xacml loosely coupled: common vocabulary that all participants
>     are aware of; introducing local attrs - policy writer can't
>     in terms of well known attrs; that alone introduces complexity
>    hal: xacml doesn't define your attrs, names, etc. need that
>     knowledge
>    paul: in any domain you will have that set of attrs; can do
>     varied analysis and be sure what you are doing; doron's notion
>     extends ch to not just deal w attrs, but throws over wall;
>    doron: example: can ask a weather service if it is raining; don't
>     need to know the internals of the impl
>    paul: pdp evaluates w full knowledge of attrs involved; can
>     eval wrt attrs of unknown origin;
>    hal: black box; ask what humidity is: why do you need to know
>     the impl in the black box.
>    doron: need to support both black and white box; call for credit
>     score - don't know how they do it, just need the score; in other
>     cases need to send attrs to control evaluation of credit score;
>    greg: how does ch know which attr to query?
>    doron: for each attr have info and expression, policy identifier,
>     etc. dynamic data provider; boolean is ultimate response
>    greg: sounds similar to locally meaningful attr-id's
>
>    rich: have reached end of meeting time 2:00
>
>    hal: to be continued; greg is updating proposal?
>
>    greg: will work w what tc wants to do;
>
>    hal: ask tc-admin for template, then can post to our archive;
>
>    rich: was same doc submitted to both xacml,saml?
>       greg: yes
>
>    david s: incits: producing next gen access ctl, can put some
>     text in for xacml in cs1; need to be member of cs1: us body
>     for iso?
>
>    hal: next mtg in 2 weeks; progress pts on list as much as possible.
>
>
>
> BTG Profile (Break The Glass):
> several recent comments (only listed most recent from each named member):
>  david-c: http://lists.oasis-open.org/archives/xacml/201103/msg00014.html
>  mike:    http://lists.oasis-open.org/archives/xacml/201103/msg00021.html
>  erik:    http://lists.oasis-open.org/archives/xacml/201103/msg00024.html
>  doron:   http://lists.oasis-open.org/archives/xacml/201103/msg00027.html
>  martin:  http://lists.oasis-open.org/archives/xacml/201103/msg00028.html
>  bill:    http://lists.oasis-open.org/archives/xacml/201103/msg00029.html
>  paul:    http://lists.oasis-open.org/archives/xacml/201103/msg00030.html
>  david-s: http://lists.oasis-open.org/archives/xacml/201103/msg00032.html
>  rich:    http://lists.oasis-open.org/archives/xacml/201103/msg00033.html
> original (David C):
>   http://lists.oasis-open.org/archives/xacml/201011/msg00017.html
>
> PIP directive (additional information directives)
> original (David):
> http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]