OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml] Proposed Agenda for 5 May 2011 TC Meeting


Ok, then let me put my last (for now) concern in this area on the table.  Maybe this is just a lack of understanding on my part, because I was not involved in the discussion that led to extended indeterminate values in the spec.

What is the intended use of extended indeterminate values?  As a relying party, why would I distinguish between an "Indeterminate{D}" and a "Deny" decision, knowing that regardless of the missing attribute values I might supply after receiving Ind{D}, I would only get a Deny decision?  Same for Ind{P} and Permit.

I must be missing something.  The spec is clear about what conditions should produce these return values, but silent on the motivational use cases.

The reason I ask is to make sure that whatever additional behavior we specify around these values meets the original functional requirements.

Regards,
--Paul

> -----Original Message-----
> From: Hal Lockhart [mailto:hal.lockhart@oracle.com]
> Sent: Thursday, May 05, 2011 10:25
> To: Tyson, Paul H; Rich Levinson; xacml
> Subject: RE: [xacml] Proposed Agenda for 5 May 2011 TC Meeting
> 
> I agree. I was planning (in my usual, arbitrary authoritarian way) to
> first drive the extended indeterminate issue to a conclusion. We did
> not discuss it last week because Erik was not on the call.
> 
> I would also like to resolve Jan's issue about Policy Sets in the RBAC
> profile, assuming this was a previously agreed change that did not get
> made. It this turns out not to be the case we can defer it for later
> discussion.
> 
> Any time left can be used for other issues such as BTG.
> 
> Hal
> 
> > -----Original Message-----
> > From: Tyson, Paul H [mailto:PTyson@bellhelicopter.textron.com]
> > Sent: Thursday, May 05, 2011 10:43 AM
> > To: rich levinson; xacml
> > Subject: RE: [xacml] Proposed Agenda for 5 May 2011 TC Meeting
> >
> >
> > I thought the main purpose of weekly meetings was to get the
> > 3.0 specs back to cs status as soon as possible.  If so we
> > should put "XACML working drafts" first on the agenda.
> >
> > I think the only area of discussion is the substantive
> > changes in section 7 of the core spec.  Erik made these to
> > clarify return values from policies in the event of
> > indeterminate targets.  I believe this uncovers some
> > underlying issues that cannot be resolved quickly.  I would
> > prefer to remove the section 7 changes from wd-19 and leave
> > the ambiguity in the spec until we can work through the
> > issues.  As Bill pointed out, underspecification is not an error.
> >
> > Regards,
> > --Paul
> >
> > > -----Original Message-----
> > > From: rich levinson [mailto:rich.levinson@oracle.com]
> > > Sent: Thursday, May 05, 2011 00:25
> > > To: xacml
> > > Subject: [xacml] Proposed Agenda for 5 May 2011 TC Meeting
> > >
> > > Time: 13:00 EDT
> > > Tel: 513-241-0892 Access Code: 65998
> > >
> > > Proposed Agenda for 5 May 2011 TC Meeting:
> > >
> > > I. Roll Call&  Approve Minutes:
> > > Roll call:
> > >
> > > Approve Minutes: 28 April 2011 TC Meeting Minutes (updated):
> > > http://lists.oasis-open.org/archives/xacml/201104/msg00076.html
> > >
> > >
> > > II. Administrivia
> > >
> > > Ongoing: "ITU-T Files of Interest":
> > >   Abbie will provide status as available
> > >   hal:
> > http://lists.oasis-open.org/archives/xacml/201105/msg00000.html
> > >
> > > Ongoing: F2F Planning Update
> > >   status:  F2F will be held in June 28th, 29, 30th in Lexington, MA
> > >    at the Boeing facility
> > >    John Tolbert to publish logistics information
> > >   hal:
> > http://lists.oasis-open.org/archives/xacml/201105/msg00001.html
> > >
> > > Ongoing: OASIS XACML Webinar: OASIS asks is there interest
> > to develop?
> > >   XACML Webinar set for 8 June, 2011 at 11:00ET US
> > >   Hal, Erik and Doron will be presenting. Development in progress.
> > >
> > > Ongoing: "OASIS IDtrust Member Section to host IIW - 3-5 May 2011":
> > >   dee:
> > http://lists.oasis-open.org/archives/xacml/201103/msg00057.html
> > >   is there any news from this conf?
> > >
> > >
> > > III. Issues
> > >
> > > new:<PolicySet>  elements under PPS elements in RBAC profile"
> > >   jan:
> > http://lists.oasis-open.org/archives/xacml/201104/msg00066.html
> > >   rich:
> > http://lists.oasis-open.org/archives/xacml/201104/msg00083.html
> > >   rich: should this be resolved w action item to update 1st
> > ref in doc?
> > >
> > > new (carryover): "Profile examples"
> > >   rich: links to hier examples:
> > >    anne's 2004 doc: http://lists.oasis-
> > > open.org/archives/xacml/200406/msg00033.html
> > >    actual doc: http://lists.oasis-
> > > open.org/archives/xacml/200406/pdf00003.pdf
> > >    rich: forest and dag non-xml resource examples:
> > >     http://lists.oasis-open.org/archives/xacml/200902/msg00058.html
> > >    rich: background on xml resource URI example: (many
> > emails followed
> > > this
> > > 	to point where we came to agreement on current spec):
> > >     http://lists.oasis-open.org/archives/xacml/200910/msg00024.html
> > >   doron: to start a discussion thread on list and provide
> > examples that
> > > his
> > >     company is using to represent their hier operations
> > >
> > > Update: BTG Profile (Break The Glass):
> > > latest: (david summary + follow on comments)
> > >   david: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00074.html
> > >   remon: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00078.html
> > >   david: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00081.html
> > >   remon: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00082.html
> > >
> > > Update: "Attribute predicate profile for SAML and XACML":
> > >   remon(zbac): http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00080.html
> > >   Greg, is in the process of splitting document into a SAML Profile
> > >     and XACML profile. He is a bit unclear as to what is needed in
> > > XACML
> > >     profile based upon Paul's comments on the list. Hal
> > offered that a
> > >     Profile may created or an artifact on non-normative
> > document track.
> > >     Greg noted that he is awaiting feedback from the SAML
> > group on the
> > >     proposal made to that group.
> > >
> > > update: "XACML working drafts"
> > > "WD-19 of core and WD-14 of SAML profile" these specs are being
> > > reviewed.
> > >   list of issues addressed is in 1st link, docs are in 2nd link:
> > >    list-fixes: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00018.html
> > >    doc-links:  http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00017.html
> > >
> > >
> > > Following are carried over: not ref'd in last minutes:
> > >
> > > Update: "The Indeterminate flavors question" (aka: Extended
> > > Indeterminate)
> > >   remon: http://lists.oasis-
> > > open.org/archives/xacml/201104/msg00079.html
> > >   erik:
> http://lists.oasis-open.org/archives/xacml/201104/msg00045.html
> >   paul: http://lists.oasis-
> open.org/archives/xacml/201104/msg00046.html
> >   rich: http://lists.oasis-
> open.org/archives/xacml/201104/msg00053.html
> >
> > Carried: PIP directive (additional information directives)
> > original (David): http://lists.oasis-
> > open.org/archives/xacml/201010/msg00005.html
> >   Hal: noted that this topic has been quiet and offered that he is
> >     working on an approach to possibly combining some of the ideas
> >     that have been considered.
> >
> > Carried: "usage of status:missing-attribute in case of an
> > AttributeSelector
> >       - control of the pip through xacml rules"
> >   jan: http://lists.oasis-
> open.org/archives/xacml/201103/msg00059.html
> > comments:
> >   paul: http://lists.oasis-
> open.org/archives/xacml/201103/msg00060.html
> >   erik: http://lists.oasis-
> open.org/archives/xacml/201104/msg00002.html
> >   jan:  http://lists.oasis-
> open.org/archives/xacml/201104/msg00003.html
> >
> > Carried: ""Web Friendly" Policy Ids":
> >   hal: http://lists.oasis-
> open.org/archives/xacml/201103/msg00044.html
> > comments:
> >   paul: http://lists.oasis-
> open.org/archives/xacml/201103/msg00046.html
> >
> > Carried: Specifying a specific associated Resource in a Policy
> (Sticky
> > Policies):
> >   hal: http://lists.oasis-
> open.org/archives/xacml/201103/msg00012.html
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail.  Follow this link to all your TCs in OASIS at:
> > https://www.oasis-
> open.org/apps/org/workgroup/portal/my_workgroups.php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]