
Subject: F2F raw notes: Day 1: 11AM - 12:30PM

    11AM after break:

	greg: attr predicates:
		bdate < 1995 rather than exact date
		90000 < zip < 99999

	what is there to do for xacml?
	all xacml to use such assertions
	borrowed schema of apply element to leverage all that;
	proposed first wd to saml; diff between profile,protocol

	similar to normal attr assertions diagram
	in saml profile of xacml: fig 1 line 280 of xacml/saml

	diagram is described in text preceding diagram in section 1.1:

	greg: if pep knows predicate; pdp would submit and
	pdp would provide answer; 1st mechanism suggested

	one objection is policy in pep;

	trusted entity is authority that knows birthdate, but
	does not reveal it directly;
	predicates dedicated to specific attributes

	greg: is looking to have attr preds follow same paths
	as attrs in fig 1 of saml/xacml;

	jan: pip will fetch attrs; preds are more generic
	than basic predicate id;

	rich: using predicate as represented by attrId then
	can look for result from designated authority by
	attr finder; this is subset of the broader problem
	being discussed.

	greg: define new data type like attr data type that
	would have xml content describing - paul suggestion
	few months ago

	condition in policy vs certified predicates in req
	i.e. comparing age<16 in policy vs age<18 in req

	more complex: (weight/height)**2 < 25 (bmi)
	vs height < 2.00 meters AND height/weight < 0.02

	erik: can't take this infinitely far; what is subset
	of workable predicates that it can be used for; i.e.
	which is more practical, usable;

	have an attr predicate repository; all that's left
	is policy instead of asking for missing attr,
	ask for missing attr predicate;

	hal: do you look for attr or for predicate; how
	do you know which?

	jan: you're sending a subrequest to the authority: ex. is person
	in the country, and is person born before 1980?

	greg: entire pred is still in policy; in policy have
	date < bday, and then go get bday;

	jan: that makes sense for pred calling for data used to
	evaluate the pred in the pdp.

	hal: similar to AMF files;
	still issue how much of policy you take;

	greg: these are essentially what he is looking at;
	how does pdp decide which attr to query?
	jan: define req that would give resource then
	add to decision in obl;
	hal: also extend missing attrs
	jan: subjid wants to do something on file server;
		get back yrof birth for bob, etc.

	jan: pep discharges obl, then inserts req

	erik: can't return obl on indeterminate; would
	return permit; do policies as obligations;
	why not just return attr result of predicate;

	david chadwick arrived just before noon;

	greg: xacml pdp depend on attr authority for preds
	how to control it? instead of raw data, attr auth
	can suggest alternatives;

	greg: attr authority can ask user for consent;

	david chad: don't know who requestor is so can come
	in as multiple requests to iterate to info;

	david choy: query can talk to a lot of records, becomes
	a performance issue; query is bigger issue than access:
	know the subject, but don't know the resources.
	3rd problem is leakage

	hal: any process would have MIM exposure;

	david choy: need query capability
	system may allow me to look up my own salary;

	hal: might prune results before;

	jan: select * from: don't know if user asking
	for restricted data or not; can filter out
	instances not ok;
	don't have subj action resource have subj req msg
	most rights can be enforced on req; can rewrite req
	allowed subjecting the response to some filtering

	hal: is this non-atomic operation?

	jan: if you rewrite req, can be used as feedback to the
	user to refine original query to be more useful given
	the constraints;

	greg: go to lowest level apply; mult attrs for same

	jan: this is more controlling the pip; uses the pred
	as a key to tell the pip what info you are looking
	for; relation to predicate

	hal: thought we dropped this approach;

	david chad: protocol that drives; pep

	hal: pep initially has some preds; if attrs are
	missing then pdp can make requests;
	2nd soln policy says x, pred says y; how do I
	determine if policy and pred related;

	david chad: pep is "not there"; (in diagram on screen)

	break for lunch; discuss possible dinner strategy

