
Subject: Minutes for 2 June 2011 TC Meeting

Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 2 June 2011 TC Meeting:

  note: "->" implies an "action item"

I. Roll Call & Approve Minutes:

Voting Members

Erik Rissanen 	Axiomatics
Paul Tyson 		Bell Helicopter Textron Inc.
Doron Grinstein 	BiTKOO
David Choy 		EMC 	
Remon Sinnema 	EMC
Sridhar Muppidi 	IBM
David Chadwick 	Individual
Bill Parducci 	Individual
Rich Levinson 	Oracle
Hal Lockhart 	Oracle
John Tolbert 	The Boeing Company


David Chadwick 	Individual

     have quorum

  Note: did not have quorum last week, so 19-May minutes still need approval

  26 May TC Meeting - UPDATED 2:

	approved "notes" of 26-may

  19 May 2011 TC Meeting

	approved minutes of 19-may

II. Administrivia

   F2F: will be held on June 28th, 29th, 30th in Lexington, MA
    Hal will create a poll to gather the final attendance count
     for the F2F, which is needed for planning facilities.

  ->  Hal: please respond to poll. (action is on everyone else to respond)

   XACML TC Anniversary

   XACML 3.0 core wd 20 uploaded

   mtg schedule:
     hal: back to 2 weeks?
     erik: not yet
     hal: ok, weekly for now, next mtg jun 9
     david: could we schedule jun 16 mtg hour earlier?
  ->  hal: we will discuss on jun 9 if we can move jun 16 1 hr earlier

IIIa. New Issues

   three questions: string-not-equal & valid FulfillOn attributevalues
     & placement of variableDefinitions
     (may be resolved w follow-up emails)

   wd20 policy evaluation discussion:
     (may be resolved in followup emails)
    paul: http://lists.oasis-open.org/archives/xacml/201105/msg00095.html

    paul: issue is with target description; not sure objection to
	proposed wording: target matches, doesn't, ind.
    erik: same info is in the table; risk of keeping things in
	table in 7.1.2?
    paul: not as good as could be, but is ok.

   Obligations/Advice combining ambiguities. (dependent on final
    version of combining algorithms)

     rich: working assumption is that in deny-overrides that if there
	are multiple permit rules then all the applicable permits
	add their obligations to the response if decision is permit,
	as opposed to the deny decision, where only one rule's obls
	are returned.

  ->  rich: will update impl guide w acm ref paper; also explain
	in a little more detail the "bundling of obligations"
	from the non-biased decision (i.e. the permit in
	deny-overrides, etc.)

   Permit|Deny Bias PDPs & Extended Indeterminate
     this issue appears resolved w no changes required:

      rich: resolved - everything ok, as is

IIIb. Issues Active on List

   Indeterminate Policy Target handling
    possible proposal to resolve: erik/rich:

     erik: obligations wrt policies evaluated, important that
	policies should be understood wrt combining used
     rich: ok, want to see next draft before signoff
  ->  erik: will prepare next draft

   PDP REST Interface - proposal - hal:

     hal: has this discussion ended or is there more to come?
     erik: david b not here today, but issue is still active

   XACML Implementers Guide - updated w some cautions on ref:
    (note: the ref also needs update to published acm version,
     which addresses some of the concerns mentioned)
    Groups - XACML Implementor's Guide Version 3.0
     (xacml-implement-guide-3.0-02-05.doc) uploaded

   Attribute predicate profile for SAML and XACML - ray comment

IV. Carryover Issues (last posting listed)
   XACML Metadata

   Attribute predicate Profile for SAML and XACML

   Break The Glass Profile

     hal: david should bring us up to date on where we left off;
     david: still before proposal stage; should pdp signal a btg
     hal: does pdp know to signal btg by evaluating policy
     david: yes, can be by an attribute (state); if attr set to true
	it would give one answer, if false then a btg answer;
	if glass wasn't broken, it would say you are entitled to
	break the glass;
     hal: we have 2 mechanisms: missing attr w indeterminate, or in
	policy can have obl or advice on deny;
     david: based on attr modeling whether state glass is broken;
	if btg is provided can make decision, if not, can't.
     rich: it sounds like it is profile using existing mechanisms,
	which seems like all ok.
     david: agrees
     david: pep can ignore the advice;
     hal: are there any open technical issues
     david: no; remaining question is what does pep do in response?
      	one opinion is that pep does everything automatically,
	other is w obligations such as notify parts
	some people think it's all over w pdp, others think that
	you go back to pdp;
     david: pdp signals w advice, obl in v2, and 2 options on pep:
	coord w pdp, and ind of pdp.
     hal: why doesn't pdp interact w authority sufficient? policy
	does the alg and calculates answer; state type authority
	to keep track of btg;
     david: that model w glass mgr, still needs req to ask state;
     erik: "in coord w pdp" needs to be more specific:
     david: policy rule about who is allowed to do btg; 2nd rule
	is about btg'ing itself; state is maintained;
     erik: pdp controls access to chg the state info.
     david: yes.
     hal: policy controls the btg as resource;
  ->  david: will update the profile

   Profile Examples (Hierarchy)

   PIP directive (additional information directives)

  Usage of status:missing-attribute in case of an AttributeSelector

  "Web Friendly" Policy Ids

  Specifying a specific associated Resource in a Policy (Sticky Policies)
