OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 26 May TC Meeting - UPDATED

I. Roll Call
 Voting Members
  Hal Lockhart (Chair)
  Bill Parducci (Co-Chair, minutes)
  Paul Tyson
  Doron Grinstein
  Remon Sinnema
  Anthony Nadalin
  Rich Levinson
  Hal Lockhart
  John Tolbert

|  David Broussard

 Quorum NOT met: (47% per Kavi)

I. Roll Call & Approve Minutes:
  NO vote on minutes for 19 May 2011 TC Meeting

II. Administrivia
  Hal noted that he will request at that next call we move back to 
  biweekly calls.

 XACML 3.0 core wd 20 uploaded
  The TC is encouraged to review.

  Hal will create a poll to gather the final attendance count for the 

III. Issues Discussed
 PDP REST Interface (PAP)
  Hal noted that the current thinking on the list attribute
  information would be in JSON and transported using a POST over HTTP
  with the response. He offered that he personally would like to see
  this done in such a way that doesn't cap the functionality. 

  David Chadwick concurs with this and noted that his current
  prototype doesn't cover Multiple Resources, but that this isn't part
  of the Core spec. 

  Paul pointed out that the W3C is working to develop standardized
  mechanisms for expressing RDF graphs and that XACML fits within the
  scope of this work. Therefore the TC should consider building upon
  that work. Alternatively, he offered that a "bridge" between XACML
  and the W3C work may be developed.

  Hal countered that direct association with the concept of "Semantic
  Web" work may defeat the underlying driver for this project 
  (enhanced approachability of XACML).

  Paul noted that he is not against any efforts to make XACML more
  approachable in HTTP based environments.

 XACML Implementers Guide
  Rich reviewed his position on the ramifications of how the current 
  direction on extended Indeterminate response and what it may mean to
  new adopters. This lead to the revival of the Adopters Guide. Rich
  asked that the TC consider adding/updating content to the guide as
  for changes to the spec/Profiles that have been added since the 

IV. New Issue
 Permit|Deny Bias PDPs & Extended Indeterminate
  Rich introduced and issue that was derived from comments by
  Indeterminate (D|P) results need to be percolated up to the response
  when generated by PDP bias.

  Paul asked for clarification where Ind(D|P) would be applicable in a
  real world example. He noted that and Ind(D) could not be converted 
  into a Permit. Rich offered that additional Attributes could result 
  in a N/A. Paul replied that this still doesn't result in a practical
  Use Case. Rich suggested that the TC dig into Chapter 2 of the
  Implementor's Guide to begin the clarification process.

 Obligations/Advice combining ambiguities.
  Rich asked for input on the current understanding on how Obligations
  /Advices are combined in a deterministic manner. Hal reviewed the 
  historical context of the desire for unordered evaluation. Rich
  will post a proposed solution to the list that is based upon the
  concept of a "default" behavior, that is followed by a list of an
  enumerated list of Obligations/Advices that are attempted.

V. Carryover Issues
 Indeterminate Policy Target handling

 PDP REST Interface - proposal 
  ("Towards the creation of XACML PEPs")

 Attribute predicate profile for SAML and XACML

 XACML Metadata

 Attribute predicate Profile for SAML and XACML

 Break The Glass Profile

 Profile Examples (Hierarchy) 

 PIP directive (additional information directives)

 Usage of status:missing-attribute in case of an AttributeSelector

 "Web Friendly" Policy Ids

 Specifying a specific associated Resource in a Policy (Sticky Policies)

meeting adjourned.

Next meeting June 2, 2010.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]