Subject: Re: [xacml] Minutes for 26 May TC Meeting - UPDATED
I. Roll Call
Hal Lockhart (Chair)
Bill Parducci (Co-Chair, minutes)
David Broussard
Quorum NOT met: (47% per Kavi)
I. Roll Call & Approve Minutes:
NO vote on minutes for 19 May 2011 TC Meeting
Hal noted that he will request at that next call we move back to
XACML 3.0 core wd 20 uploaded
The TC is encouraged to review.
Hal will create a poll to gather the final attendance count for the
III. Issues Discussed
PDP REST Interface (PAP)
Hal noted that the current thinking on the list attribute
information would be in JSON and transported using a POST over HTTP
with the response. He offered that he personally would like to see
this done in such a way that doesn't cap the functionality.
David Chadwick concurs with this and noted that his current
prototype doesn't cover Multiple Resources, but that this isn't part
of the Core spec.
Paul pointed out that the W3C is working to develop standardized
mechanisms for expressing RDF graphs and that XACML fits within the
scope of this work. Therefore the TC should consider building upon
that work. Alternatively, he offered that a "bridge" between XACML
and the W3C work may be developed.
Hal countered that direct association with the concept of "Semantic
Web" work may defeat the underlying driver for this project
(enhanced approachability of XACML).
Paul noted that he is not against any efforts to make XACML more
approachable in HTTP based environments.
XACML Implementers Guide
Rich reviewed his position on the ramifications of the current
direction on extended Indeterminate response and what it may mean to
new adopters. This led to the revival of the Adopters Guide. Rich
asked that the TC consider adding/updating content to the guide as
for changes to the spec/Profiles that have been added since the
IV. New Issue
Permit|Deny Bias PDPs & Extended Indeterminate
Rich introduced an issue that was derived from comments by
Indeterminate (D|P) results need to be percolated up to the response
when generated by PDP bias.
Paul asked for clarification where Ind(D|P) would be applicable in a
real world example. He noted that an Ind(D) could not be converted
into a Permit. Rich offered that additional Attributes could result
in a N/A. Paul replied that this still doesn't result in a practical
Use Case. Rich suggested that the TC dig into Chapter 2 of the
Implementor's Guide to begin the clarification process.
Obligations/Advice combining ambiguities.
Rich asked for input on the current understanding on how Obligations
/Advices are combined in a deterministic manner. Hal reviewed the
historical context of the desire for unordered evaluation. Rich
will post a proposed solution to the list that is based upon the
concept of a "default" behavior, that is followed by an
enumerated list of Obligations/Advices that are attempted.
V. Carryover Issues
Indeterminate Policy Target handling
PDP REST Interface - proposal
("Towards the creation of XACML PEPs")
Attribute predicate profile for SAML and XACML
Attribute predicate Profile for SAML and XACML
Break The Glass Profile
Profile Examples (Hierarchy)
PIP directive (additional information directives)
Usage of status:missing-attribute in case of an AttributeSelector
"Web Friendly" Policy Ids
Specifying a specific associated Resource in a Policy (Sticky Policies)
Next meeting June 2, 2010.