[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 5 May 2011 TC Meeting:
Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998
Minutes for 5 May 2011 TC Meeting:
I. Roll Call& Approve Minutes:
Roll call:
Erik Rissanen
Abbie Barbir
Paul Tyson
Doron Grinstein
David Choy
Remon Sinnema
Sridhar Muppidi
Jan Herrmann
Bill Parducci
Anthony Nadalin
Rich Levinson
Hal Lockhart
John Tolbert
John Davis
David Staggs
we have quorum
hal: preliminary: focus on v3 specs over other issues
Approve Minutes: 28 April 2011 TC Meeting Minutes (updated):
http://lists.oasis-open.org/archives/xacml/201104/msg00076.html
hal: approved no objection
II. Administrivia
Ongoing: "ITU-T Files of Interest":
Abbie will provide status as available
hal: http://lists.oasis-open.org/archives/xacml/201105/msg00000.html
hal: posted msg; they will incorporate errata, w rec#, there is
self-explanatory data
abbie: 16 files for xacml 2.0 will be incorporated; targeted to
be done aug-sep time frame; will bring xacml 2 in synch
w oasis
xacml 3: will keep it in phase w oasis work
hal: kmip interested in submitting
abbie: is looking into it.
Ongoing: F2F Planning Update
status: F2F will be held in June 28th, 29, 30th in Lexington, MA
at the Boeing facility
John Tolbert to publish logistics information
hal: http://lists.oasis-open.org/archives/xacml/201105/msg00001.html
hal: john t. volunteered boeing facilities in Lexington
email posted w logistics and hotels
will need to have dial-in access: john: no problem
new: next wk is european conf; should we have call next week;
hal: will not have mtg next week. (it is optional week anyway)
Ongoing: OASIS XACML Webinar: OASIS asks is there interest to develop?
XACML Webinar set for 8 June, 2011 at 11:00ET US
Hal, Erik and Doron will be presenting. Development in progress.
Ongoing: "OASIS IDtrust Member Section to host IIW - 3-5 May 2011":
dee: http://lists.oasis-open.org/archives/xacml/201103/msg00057.html
is there any news from this conf?
hal: the mtg is over
III. Issues
new: hal wants to close the extended indeterminate debate
hal: critical wording is in C.1
hal: is it sufficient to look at declared effects or should
we calculate beyond the effects;
reading c.1 does not make clear which algorithm
was intended.
rich: this issue also existed in 2.0 w the Target of
the Rules.
erik: steven legg posted on comments that wasn't clear how
it works if Targets evaluated. Paul found xacml
behaved in different. Some agreement that it is too
big to tackle in 3.0.
hal: there was 3rd issue: how do legacy work w combining algs.
erik: no difference in behavior.
erik: table 7, need to go back 1 step; starts when evaluating
PolicySet; not intended to be in C.1;
hal: consensus that we need some chgs from wd-19;
consensus on legacy algs.
consensus on not going Paul's route
paul: looking for understanding;
rich: tried to explain
erik: if you have 2 rules: 1 Permit and 1 Deny and alg is
deny-override; if deny is found then it doesn't matter
whether the other rule is evaluatable or not.
if you don't have extended indeterminate; you cannot
filter out irrelevant errors. PEP would not tell
difference between type of indeterminate.
paul: then these should not be seen in final result
erik: that is correct: response from pdp
hal: this is internal indeterminate state for internal eval.
paul: would suggest led down this path; did not have notion
of policy equivalence.
rich: asserts that if policy target is indeterminate then all
that needs to be done is to look at the effects of the
rules and there is no point in evaluating the targets
and conditions.
paul: for completeness treat all rules as indeterminate;
hal: that is the old policy algorithms; no longer can distinguish
between d and p.
rich: it is 2x2 issue: one axis is d or p, the other is evaluate
target or not.
paul: one way to determine indeterminate is to put in increasingly
more complex analysis; if in order to understand, that is
not serving the purpose of xacml.
new:<PolicySet> elements under PPS elements in RBAC profile"
jan: http://lists.oasis-open.org/archives/xacml/201104/msg00066.html
rich: http://lists.oasis-open.org/archives/xacml/201104/msg00083.html
rich: should this be resolved w action item to update 1st ref in doc?
hal: one other issue: jan reported problem;
erik: the normative section was modified, but tne non-normative was
not updated. We should update the non-normative;
action-> update the rbac spec;
hal: for missing attrs - indeterminate can indicate go get the attr.
no meeting next week: next call May 19.
MEETING ADJOURNED: 2:01 PM/EDT
new (carryover): "Profile examples"
rich: links to hier examples:
anne's 2004 doc: http://lists.oasis-open.org/archives/xacml/200406/msg00033.html
actual doc: http://lists.oasis-open.org/archives/xacml/200406/pdf00003.pdf
rich: forest and dag non-xml resource examples:
http://lists.oasis-open.org/archives/xacml/200902/msg00058.html
rich: background on xml resource URI example: (many emails followed this
to point where we came to agreement on current spec):
http://lists.oasis-open.org/archives/xacml/200910/msg00024.html
doron: to start a discussion thread on list and provide examples that his
company is using to represent their hier operations
Update: BTG Profile (Break The Glass):
latest: (david summary + follow on comments)
david: http://lists.oasis-open.org/archives/xacml/201104/msg00074.html
remon: http://lists.oasis-open.org/archives/xacml/201104/msg00078.html
david: http://lists.oasis-open.org/archives/xacml/201104/msg00081.html
remon: http://lists.oasis-open.org/archives/xacml/201104/msg00082.html
Update: "Attribute predicate profile for SAML and XACML":
remon(zbac): http://lists.oasis-open.org/archives/xacml/201104/msg00080.html
Greg, is in the process of splitting document into a SAML Profile
and XACML profile. He is a bit unclear as to what is needed in XACML
profile based upon Paul's comments on the list. Hal offered that a
Profile may created or an artifact on non-normative document track.
Greg noted that he is awaiting feedback from the SAML group on the
proposal made to that group.
update: "XACML working drafts"
"WD-19 of core and WD-14 of SAML profile" these specs are being reviewed.
list of issues addressed is in 1st link, docs are in 2nd link:
list-fixes: http://lists.oasis-open.org/archives/xacml/201104/msg00018.html
doc-links: http://lists.oasis-open.org/archives/xacml/201104/msg00017.html
Following are carried over: not ref'd in last minutes:
Update: "The Indeterminate flavors question" (aka: Extended Indeterminate)
remon: http://lists.oasis-open.org/archives/xacml/201104/msg00079.html
erik: http://lists.oasis-open.org/archives/xacml/201104/msg00045.html
paul: http://lists.oasis-open.org/archives/xacml/201104/msg00046.html
rich: http://lists.oasis-open.org/archives/xacml/201104/msg00053.html
Carried: PIP directive (additional information directives)
original (David): http://lists.oasis-open.org/archives/xacml/201010/msg00005.html
Hal: noted that this topic has been quiet and offered that he is
working on an approach to possibly combining some of the ideas
that have been considered.
Carried: "usage of status:missing-attribute in case of an AttributeSelector
- control of the pip through xacml rules"
jan: http://lists.oasis-open.org/archives/xacml/201103/msg00059.html
comments:
paul: http://lists.oasis-open.org/archives/xacml/201103/msg00060.html
erik: http://lists.oasis-open.org/archives/xacml/201104/msg00002.html
jan: http://lists.oasis-open.org/archives/xacml/201104/msg00003.html
Carried: ""Web Friendly" Policy Ids":
hal: http://lists.oasis-open.org/archives/xacml/201103/msg00044.html
comments:
paul: http://lists.oasis-open.org/archives/xacml/201103/msg00046.html
Carried: Specifying a specific associated Resource in a Policy (Sticky Policies):
hal: http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]