
Subject: WG: raw notes from f2f day 2: 9:00-12:15 AM

Second try... it didn't go through the first round.


From: Jan Herrmann [mailto:herrmann_jan@gmx.de]
Sent: Wednesday, 29 June 2011 23:19
To: 'xacml@lists.oasis-open.org'
Subject: raw notes from f2f day 2: 9:00-12:15 AM


Below are the raw notes from the f2f day 2 – morning session. They are not very detailed given the unstructured nature of the discussions.

best regards




Minutes 29th of June 9 am - 12:15 pm





      rich levinson



      greg nevin

      jan herrmann

      david choy

      david button

      john tolbert

      david chadwick


David C.:

Introduction to the Break the glass profile

workflow intro

Hal: repetition of the architecture

Jan: more generic view possible. state is the central part

David/Hal/Jan: discussion on the general use case

Jan: intro to a similar use case: rewrite obligations....

David Co.: global BTG

David: application dependent

Jan: standardise state-service interface

Hal: many ways to do it


continuation of the BTG profile intro

advice-id that needs to be standardised

Jan: comment on section 4 -> different ways to submit the break the glass action: extra service-language? vs. extended app interface

Erik/Jan: discussion on how to represent the attributes

Hal: need for the obligation to set the state

David/Hal/Jan/Erik/Rich: discussion

Hal: coupling between two policies, break the glass advice & right to set the state

David Co: why so complicated, can be outsourced

David: highlights the importance

David Co: performance overhead

David: explains that the BTG process is only triggered if the ADR describes a corresponding situation, not in the general case...

Jan: dependency of rights

Hal: when do you trigger btg process?

David: section 5 --> discussion

Hal: agenda for the next two days. obligation & advice combining, then continuation of break the glass, other items.

Hal: Rich discovered the asymmetry in the effect if the deny-overrides comb-alg. is used with advices and obligations. The issue: what is evaluated, which obligations & advices get fired

Erik: defends that the asymmetry is okay.


implementers guide on the combining algorithms discussion

points to an ACM paper on XACML ambiguities -> Access Control Policy Combining: Theory Meets Practice (https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2008-9-report.pdf)

draws an example showing the problem

Hal: demonstrates the obligation families slides

Andy: user performs a single action addressing multiple resources -> multiple obligations that are equal --> need for mechanisms to combine equal obligations


goes through the mentioned paper and highlights the things that are now addressed by xacml 3.0

the implementers guide is okay but some details & choices are implicit.




