

Subject: WG: raw notes from f2f day 2: 9:00-12:15 AM


second try..... didn't go through the first round

 


From: Jan Herrmann [mailto:herrmann_jan@gmx.de]
Sent: Wednesday, 29 June 2011 23:19
To: 'xacml@lists.oasis-open.org'
Subject: raw notes from f2f day 2: 9:00-12:15 AM

 

below the raw notes from the f2f day 2 – morning session. They are not very detailed given the unstructured nature of the discussions.

best regards

Jan

 

 

Minutes 29th of June 9 am - 12:15 pm

 

attendees:

 

      hal

      rich levinson

      erik

      andy

      greg nevin

      jan herrmann

      david choy

      david button

      john tolbert

      david chadwick

 

David C.:

Introduction to the Break the glass profile

workflow intro

Hal: repetition of the architecture

Jan: more generic view possible. state is the central part

David/Hal/Jan: discussion on the general use case

Jan: intro to a similar use case: rewrite obligations....

David Co.: global BTG

David: application dependent

Jan: standardise state-service interface

Hal: many ways to do it

David:

continuation of the btg profile intro

advice-id that needs to be standardised

Jan: comment on section 4 -> different ways how to submit the break the glass action: extra service-language? vs. extended app interface

Erik/Jan: discussion on how to represent the attributes

Hal: need for the obligation to set the state

David/Hal/Jan/Erik/Rich: discussion

Hal: coupling between two policies, break the glass advice & right to set the state

David Co: why so complicated, can be outsourced

David: highlights the importance

David Co: performance overhead

David: explains that only btg process is triggered if the adr describes a corresponding situation. not the general case...

Jan: dependency of rights

Hal: when do you trigger btg process?

David: section 5 --> discussion

Hal: agenda for the next two days. obligation & advice combining, then continuation of break the glass, other items.

Hal: rich discovered the asymmetry in the effect if deny-overrides comb-alg. is used with advices and obligations. the issue: what is evaluated, which obligations&advices get fired

Erik: defend that the asymmetry is okay.

Rich:

implementers guide on the combining algorithms discussion

points to an acm paper on xacml ambiguities -> Access Control Policy Combining: Theory Meets Practice (https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2008-9-report.pdf)

draws an example showing the problem

Hal: demonstrates the obligation families slides

Andy: user performs a single action addressing multiple resources -> multiple obligations that are equal --> need for mechanisms to combine equal obligations

Rich:

goes through the mentioned paper and highlights the things that are now addressed by xacml 3.0

the implementers guide is okay but some details & choices are implicit.

 

 

 

 


