Subject: WG: raw notes from f2f day 2: 9:00-12:15 AM
second try... didn’t go through the first round

From: Jan Herrmann [mailto:herrmann_jan@gmx.de]

below the raw notes from the f2f day 2 – morning session. They are not very detailed given the unstructured nature of the discussions.

best regards
Jan

Minutes 29th of June 9 am - 12:15 pm

attendees:
hal
rich levinson
erik
andy
greg nevin
jan herrmann
david choy
david button
john tolbert
david chadwick

David C.: Introduction to the Break the glass profile
workflow intro
Hal: repetition of the architecture
Jan: more generic view possible. state is the central part
David/Hal/Jan: discussion on the general use case
Jan: intro to a similar use case: rewrite obligations....
David Co.: global BTG`
David: application dependent
Jan: standardise state-service interface
Hal: many ways to do it
David: continue of the btg profile intro
advice-id that needs to be standardised
Jan: comment on section4 -> different ways how to submit the break the glass action: extra service-language? vs. extended app interface
Erik/Jan: discussion on how to represent the attributes
Hal: need for the obligation to set the state
David/Hal/Jan/Erik/Rich: discussion
Hal: coupling between two policies, break the glass advice & right to set the state
David Co: why so complicated, can be outsourced
David: highlights the importance
David Co: performance overhead
David: explains that only btg process is triggered if the adr describes a corresponding situation. not the general case...
Jan: dependency of rights
Hal: when do you trigger btg process?
David: section 5 --> discussion
Hal: agenda for the next two days. obligation&advice combining, then continue of break the glass, other items.
Hal: rich discovered the asymmetry in the effect if deny-overrides comb-alg. is used with advices and obligations.
the issue: what is evaluated, which obligations&advices get fired
Erik: defends that the asymmetry is okay.
Rich: implementers guide on the combining algorithms
discussion points to an acm paper on xacml ambiguities -> Access Control Policy Combining: Theory Meets Practice (https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2008-9-report.pdf)
draws an example showing the problem
Hal: demonstrates the obligation families slides
Andy: user performs a single action addressing multiple resources -> multiple obligations that are equal --> need for mechanisms to combine equal obligations
Rich: goes through the mentioned paper and highlights the things that are now addressed by xacml 3.0
the implementers guide is okay but some details & choices are implicit.