[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 24 March 2011 TC Meeting - UPDATED(2)
Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998
Minutes for 24 March 2011 TC Meeting - UPDATED(2):
I. Roll Call & Approve Minutes:
Voting
Erik Rissanen
Abbie Barbir
Paul Tyson
Doron Grinstein
Sridhar Muppidi
Gregory Neven
Franz-Stefan Preiss
Bill Parducci
Anthony Nadalin
Rich Levinson
Hal Lockhart
John Tolbert
David Staggs
Non-voting
Kenneth Peeples
Duane DeCouteau
Remon Sinnema
10 March 2011 TC Meeting Minutes (Updated):
http://lists.oasis-open.org/archives/xacml/201103/msg00015.html
hal: no objections heard; approved
II. Administrivia
F2F Planning Update
http://lists.oasis-open.org/archives/xacml/201103/msg00006.html
hal: f2f action on chairs to look for proposals
OASIS XACML Webinar: is there interest to develop?
http://lists.oasis-open.org/archives/xacml/201103/msg00034.html
bill: talked to Dee: Erik, Doron, Hal volunteer to work on it.
Conformance Tests: bitkoo xacml 3.0 tests available for examination:
http://lists.oasis-open.org/archives/xacml/201103/msg00008.html
hal: good job by bitkoo; encourage people to check it out
ITU-T Files of Interest: (any update on reviewing? - see minutes above)
http://lists.oasis-open.org/archives/xacml/201103/msg00001.html
abbie: actively working on it, actual submission in next few days;
apr 11-20 group 17 mtg; next update will be after that.
III. Issues
New (from Hal): Specifying a specific associated Resource in a Policy
(Sticky Policies):
hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
hal: noted that he posted the "sticky policies" and is looking
for some follow-up discussion. Will defer until people
get a chance to look it over.
New (from Hal on call): Some of the issues that follow, as well as
some that have been discussed in prev meetings we might consider
grouping into an errata document:
(no related email: was brought up before discussing issues below)
hal: suggest we collect errata, which would involve dropping some
or all of the CS docs back to Working Draft and redo all the
votes and public review
erik: thinks its bad idea, and instead thinks that we should find a
way just to post the errata
rich: agrees, and thinks it should be parallel track, which would
leave the docs in CS state, allow them to progress to oasis
specs, and the errata can be collected independently, until
such time as we decide what to do w errata.
erik: volunteers to collect errata then decide what to do next
hal: reqd to produce errata against oasis std
format not specified, just show how published std will
be changed. suggests format of chg line #s ... to ...
hal: point is to collect chgs and agree with chgs then later
decide what, if anything, should be done to specs.
New (from xacml-comment): Specification of extended indeterminate in
combiningalgorithms is incomplete:
erik: http://lists.oasis-open.org/archives/xacml/201103/msg00011.html
hal: erik to look at w errata
New (from Franz-Stefan): Erratum concerning the 'Expression
Substitution Group':
franz-stefan: http://lists.oasis-open.org/archives/xacml/201103/msg00036.html
hal: erik to look at for errata
New (from Greg): Obligations problem: sec 7.16 may confuse "effect","result"
greg: http://lists.oasis-open.org/archives/xacml/201103/msg00037.html
hal: erik to look at for errata
Attribute Assertions in XACML request: greg has posted proposed profile:
http://lists.oasis-open.org/archives/xacml/201103/msg00035.html
comments on posting:
http://lists.oasis-open.org/archives/xacml/201103/msg00040.html
original (Paul from november 2010):
http://lists.oasis-open.org/archives/xacml/201010/msg00012.html
hal: greg to describe proposal
greg: doc has generic introduction; instead of letting saml carry
values only, can also carry a predicate that could be handled
by the pdp
sec 3 would be chg to saml profile
sec 4 explains how such assertions could be embedded in
a xacml pdp
comments: from doron: who does work? pep or ch? greg: if
ch sees responses passing then ch could do it just as well
from franz-stefan: restrictions on how many queries user
can be making at given time; fishing: systematic queries
to collect underlying constraints
hal: was presented to saml on tue; some pushback on applies
stuff; possibly profiles saml<->xacml should ref each other
and cooperate; xspa has done 3 profiles in 3 tcs;
greg: own group has raised some issues in red balloons on
some of the pages;
paul: has same concerns raised earlier; whole business of
translating between boolean vs real comparison on an attr;
doron: didn't analyze in detail; similar to what they do in
long run; when you have attr responder: what values are
transmitted to responder;
hal: process of obtaining from a provider a predicate;
greg: query will contain predicate to be certified;
doron: has done before in 2003: tell pip go get attr
from various sources; throw attr of user over fence to
provider that returns the boolean; inputs are any num
of attrs, from req;
pep calls svc w some attr; pdp then tells ch - go get more
attrs, then send attrs to predicate responder and return
a boolean rsp that pdp makes decision on.
greg: in doron's scenario: predicate is fixed in some kind
of service; greg's proposal is for any predicate: is doron's
for specific predicate?
doron: can give any predicate, but can also add more attrs;
user is 123, dept is xyz, is he over 21? pred calcs t/f
greg: not aware is it doc'd anywhere
doron: filed a patent; can set up a demo;
hal: didn't quite follow:
doron: define pred; attrs about principal;
predicate resolver;
hal: part of saml based on this is attr query, no guarantee
about what will be returned; make a query w a bunch of attrs
and predicates;
rich: thinks there is lot of stuff out there: saml profiles,
doron's stuff, other products, federation, papers have published
various things on collecting attrs, preparing predicates, and
producing results;
greg: point of profile is do basically that;
hal: concern about mention of patent - need to review oasis ipr
policies before introducing any patented technology
greg: p6, gives example
hal: missing attrs, attr finders, david's paper, interesting topic
wrt to obtaining attrs independent of notion of "predicates"
doron: predicate is just another attr for pep go get; do we want
to represent expression in policy; might be able to communicate
policy to responder
hal: in general can flatten anything out to a scalar;
rich: one or more scalars;
paul: xacml loosely coupled: common vocabulary that all participants
are aware of; introducing local attrs - policy writer can't
in terms of well known attrs; that alone introduces complexity
hal: xacml doesn't define your attrs, names, etc. need that
knowledge
paul: in any domain you will have that set of attrs; can do
varied analysis and be sure what you are doing; doron's notion
extends ch to not just deal w attrs, but throws over wall;
doron: example: can ask a weather service if it is raining; don't
need to know the internals of the impl
paul: pdp evaluates w full knowledge of attrs involved; can
eval wrt attrs of unknown origin;
hal: black box; ask what humidity is: why do you need to know
the impl in the black box.
doron: need to support both black and white box; call for credit
score - don't know how they do it, just need the score; in other
cases need to send attrs to control evaluation of credit score;
greg: how does ch know which attr to query?
doron: for each attr have info and expression, policy identifier,
etc. dynamic data provider; boolean is ultimate response
greg: sounds similar to locally meaningful attr-id's
rich: have reached end of meeting time 2:00
hal: to be continued; greg is updating proposal?
greg: will work w what tc wants to do;
hal: ask tc-admin for template, then can post to our archive;
rich: was same doc submitted to both xacml,saml?
greg: yes
david s: incits: producing next gen access ctl, can put some
text in for xacml in cs1; need to be member of cs1: us body
for iso?
hal: next mtg in 2 weeks; progress pts on list as much as possible.
BTG Profile (Break The Glass):
several recent comments (only listed most recent from each named member):
david-c: http://lists.oasis-open.org/archives/xacml/201103/msg00014.html
mike: http://lists.oasis-open.org/archives/xacml/201103/msg00021.html
erik: http://lists.oasis-open.org/archives/xacml/201103/msg00024.html
doron: http://lists.oasis-open.org/archives/xacml/201103/msg00027.html
martin: http://lists.oasis-open.org/archives/xacml/201103/msg00028.html
bill: http://lists.oasis-open.org/archives/xacml/201103/msg00029.html
paul: http://lists.oasis-open.org/archives/xacml/201103/msg00030.html
david-s: http://lists.oasis-open.org/archives/xacml/201103/msg00032.html
rich: http://lists.oasis-open.org/archives/xacml/201103/msg00033.html
original (David C):
http://lists.oasis-open.org/archives/xacml/201011/msg00017.html
PIP directive (additional information directives)
original (David):
http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]