OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 24 March 2011 TC Meeting - UPDATED(2)

Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 24 March 2011 TC Meeting - UPDATED(2):

I. Roll Call & Approve Minutes:

Erik Rissanen
Abbie Barbir
Paul Tyson
Doron Grinstein
Sridhar Muppidi
Gregory Neven
Franz-Stefan Preiss
Bill Parducci
Anthony Nadalin
Rich Levinson
Hal Lockhart
John Tolbert
David Staggs

Kenneth Peeples
Duane DeCouteau
Remon Sinnema

10 March 2011 TC Meeting Minutes (Updated):

   hal: no objections heard; approved

II. Administrivia
F2F Planning Update

   hal: f2f action on chairs to look for proposals

OASIS XACML Webinar: is there interest to develop?

  bill: talked to Dee: Erik, Doron, Hal volunteer to work on it.

Conformance Tests: bitkoo xacml 3.0 tests available for examination:

  hal: good job by bitkoo; encourage people to check it out

ITU-T Files of Interest: (any update on reviewing? - see minutes above)

  abbie: actively working on it, actual submission in next few days;
    apr 11-20 group 17 mtg; next update will be after that.

III. Issues
New (from Hal): Specifying a specific associated Resource in a Policy
  (Sticky Policies):
  hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html

    hal: noted that he posted the "sticky policies" and is looking
	for some follow-up discussion. Will defer until people
	get a chance to look it over.

New (from Hal on call): Some of the issues that follow, as well as
  some that have been discussed in prev meetings we might consider
  grouping into an errata document:
  (no related email: was brought up before discussing issues below)

   hal: suggest we collect errata, which would involve dropping some
	or all of the CS docs back to Working Draft and redo all the
	votes and public review
   erik: thinks its bad idea, and instead thinks that we should find a
	way just to post the errata
   rich: agrees, and thinks it should be parallel track, which would
	leave the docs in CS state, allow them to progress to oasis
	specs, and the errata can be collected independently, until
	such time as we decide what to do w errata.
   erik: volunteers to collect errata then decide what to do next
   hal: reqd to produce errata against oasis std
         format not specified, just show how published std will
      be changed. suggests format of chg line #s ... to ...
   hal: point is to collect chgs and agree with chgs then later
      decide what, if anything, should be done to specs.

New (from xacml-comment): Specification of extended indeterminate in
  combiningalgorithms is incomplete:
 erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html

   hal: erik to look at w errata

New (from Franz-Stefan): Erratum concerning the 'Expression
  Substitution Group':
 franz-stefan: http://lists.oasis-open.org/archives/xacml/201103/msg00036.html

   hal: erik to look at for errata

New (from Greg): Obligations problem: sec 7.16 may confuse "effect","result"
 greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html

   hal: erik to look at for errata

Attribute Assertions in XACML request:  greg has posted proposed profile:
 comments on posting:
 original (Paul from november 2010):

   hal: greg to describe proposal

   greg: doc has generic introduction; instead of letting saml carry
     values only, can also carry a predicate that could be handled
     by the pdp

     sec 3 would be chg to saml profile

     sec 4 explains how such assertions could be embedded in
      a xacml pdp

     comments: from doron: who does work? pep or ch? greg: if
      ch sees responses passing then ch could do it just as well
      from franz-stefan: restrictions on how many queries user
      can be making at given time; fishing: systematic queries
      to collect underlying constraints
    hal: was presented to saml on tue; some pushback on applies
     stuff; possibly profiles saml<->xacml should ref each other
     and cooperate; xspa has done 3 profiles in 3 tcs;
    greg: own group has raised some issues in red balloons on
     some of the pages;
    paul: has same concerns raised earlier; whole business of
     translating between boolean vs real comparison on an attr;
    doron: didn't analyze in detail; similar to what they do in
     long run; when you have attr responder: what values are
     transmitted to responder;
    hal: process of obtaining from a provider a predicate;
    greg: query will contain predicate to be certified;
    doron: has done before in 2003: tell pip go get attr
     from various sources; throw attr of user over fence to
     provider that returns the boolean; inputs are any num
     of attrs, from req;
     pep calls svc w some attr; pdp then tells ch - go get more
     attrs, then send attrs to predicate responder and return
     a boolean rsp that pdp makes decision on.

    greg: in doron's scenario: predicate is fixed in some kind
     of service; greg's proposal is for any predicate: is doron's
     for specific predicate?
    doron: can give any predicate, but can also add more attrs;
     user is 123, dept is xyz, is he over 21? pred calcs t/f
    greg: not aware is it doc'd anywhere
    doron: filed a patent; can set up a demo;
    hal: didn't quite follow:
    doron: define pred; attrs about principal;
     predicate resolver;
    hal: part of saml based on this is attr query, no guarantee
     about what will be returned; make a query w a bunch of attrs
     and predicates;
    rich: thinks there is lot of stuff out there: saml profiles,
     doron's stuff, other products, federation, papers have published
     various things on collecting attrs, preparing predicates, and
     producing results;
    greg: point of profile is do basically that;
    hal: concern about mention of patent - need to review oasis ipr
     policies before introducing any patented technology
    greg: p6, gives example
    hal: missing attrs, attr finders, david's paper, interesting topic
     wrt to obtaining attrs independent of notion of "predicates"
    doron: predicate is just another attr for pep go get; do we want
     to represent expression in policy; might be able to communicate
     policy to responder
    hal: in general can flatten anything out to a scalar;
    rich: one or more scalars;
    paul: xacml loosely coupled: common vocabulary that all participants
     are aware of; introducing local attrs - policy writer can't
     in terms of well known attrs; that alone introduces complexity
    hal: xacml doesn't define your attrs, names, etc. need that
    paul: in any domain you will have that set of attrs; can do
     varied analysis and be sure what you are doing; doron's notion
     extends ch to not just deal w attrs, but throws over wall;
    doron: example: can ask a weather service if it is raining; don't
     need to know the internals of the impl
    paul: pdp evaluates w full knowledge of attrs involved; can
     eval wrt attrs of unknown origin;
    hal: black box; ask what humidity is: why do you need to know
     the impl in the black box.
    doron: need to support both black and white box; call for credit
     score - don't know how they do it, just need the score; in other
     cases need to send attrs to control evaluation of credit score;
    greg: how does ch know which attr to query?
    doron: for each attr have info and expression, policy identifier,
     etc. dynamic data provider; boolean is ultimate response
    greg: sounds similar to locally meaningful attr-id's

    rich: have reached end of meeting time 2:00

    hal: to be continued; greg is updating proposal?

    greg: will work w what tc wants to do;

    hal: ask tc-admin for template, then can post to our archive;

    rich: was same doc submitted to both xacml,saml?
    greg: yes

    david s: incits: producing next gen access ctl, can put some
     text in for xacml in cs1; need to be member of cs1: us body
     for iso?

    hal: next mtg in 2 weeks; progress pts on list as much as possible.

BTG Profile (Break The Glass):
 several recent comments (only listed most recent from each named member):
  david-c: http://lists.oasis-open.org/archives/xacml/201103/msg00014.html
  mike:    http://lists.oasis-open.org/archives/xacml/201103/msg00021.html
  erik:    http://lists.oasis-open.org/archives/xacml/201103/msg00024.html
  doron:   http://lists.oasis-open.org/archives/xacml/201103/msg00027.html
  martin:  http://lists.oasis-open.org/archives/xacml/201103/msg00028.html
  bill:    http://lists.oasis-open.org/archives/xacml/201103/msg00029.html
  paul:    http://lists.oasis-open.org/archives/xacml/201103/msg00030.html
  david-s: http://lists.oasis-open.org/archives/xacml/201103/msg00032.html
  rich:    http://lists.oasis-open.org/archives/xacml/201103/msg00033.html
 original (David C):

PIP directive (additional information directives)
 original (David):

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]