OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes for 11 August 2011 TC Meeting

Time: 13:00 EDT
Tel: 513-241-0892
Access Code: 65998

Minutes for 11 August 2011 TC Meeting:

I Roll Call


Erik Rissanen	Axiomatics	Group Member
Paul Tyson	Bell Helicopter Textron Inc.	Group Member
Remon Sinnema	EMC	Group Member
Bill Parducci*	Individual	Group Member
Anthony Nadalin	Microsoft	Group Member
Rich Levinson	Oracle	Group Member
Hal Lockhart	Oracle	Group Member
John Tolbert	The Boeing Company*	Group Member


Crystal Hayes	The Boeing Company*	Group Member
Richard Hill	The Boeing Company*	Group Member
Abbie Barbir	Bank of America	Group Member
Stefan Bohm	iC Consult GmbH	Group Member

   bill: we have quorum

  Approve Minutes:

   hal: agenda ok? ok.

   28 July 2011 TC Meeting

   hal: any additions, corrections, objections to unan consent: none heard

II Administrivia

   Reminder: we are back on 2 week meeting schedule: next mtg 8/25.

   Reminder: also at the 8/25 meeting:  Andrea Westerinen of CA Technologies
     will be giving a presentation at this meeting on an overview of the
     structure and semantics of the XACML Policy Language compared with
     several other policy languages.
     The slides are ref'd in this email from John Tolbert:

     hal: talk will take full mtg

   Oasis announcement:  Registration Opens for Int’l Cloud Symposium

   Oasis announcement: IdTrust elections (vote by 5PM EDT: 8/23):

   V3 Status:
    SAML, RBAC and Core specs submitted to TC-Admin as Committee Specs
     for Public Review. There has been some discussion on list, but
     2 of the 3 specs appear ready to start. Need status update:
     requests submitted and ack'd by TC-Admin:
      XACML 3.0 Core:
      RBAC profile:
      SAML/XACML Profile:

     hal: last call we approved the above docs for public review, needed
	to do one more ballot, which was done and approved
     bill: chet is taking next steps to advance the process, however,
	15-day pub rev has not yet started - in hands of tc-admin

   IPC WD-03 DOC uploaded for consideration to elevate to CD then CS

     hal: john?
     john: based on internal research added a few attributes, exp date,
	use restrictions, clarifications to things that came up
	before, erik posted to list, looking for additional input.
     hal: posted 2 days ago, everyone should look at it:
     john: non-normative guidance: if patent, include patent#, etc.

     paul: would like to see more examples: patents, copyrights,
	trademarks; notifications vs access ctl; what is purpose
	of profile - would an obligation suffice?

     john: on subject of patent, and obl could handle it; but we do
	have patent license agreement, and if exchg xacml policies
	it would pertain to whatever was involved
     hal: parallel to trade secrets; even if not access ctl, it is
	still reasonable;
     paul: need examples to demo purpose of profile; w/o input on
	actual usage, no one really knows what's needed or not
     hal: this is basically a set of symbols that you can use or
	not use, but not in any particular way

     rich: are chgs visible in word?
     john: no, it's a clean copy
     hal: maybe a diff could be provided if not too difficult or
	if too extensive.

     paul: patent, trademark, copyright pretty clearly defined legally.
	trade secret is not so clear and varies w time;

     hal: calling it a trade secret is vital, however, specific implications
	are subject to legal interpretation which is beyond this scope

     paul: will post a description of what issue is.
     paul: one more thing; instead of license, maybe something more general
	that covers all these things in common: ex. 2 or more parties,
	and there are things that are applicable that could be

     hal: any other comments? none heard next topic

     hal: open issues, people not here today.
     hal: reminder: next call 8/25 is presentation
     hal: mtg adjourned 1:29 PM EDT.

  items below not discussed:

   Proposed list of XACML 2.0 ->   3.0 differences:
    actions from last mtg minutes:
   ->  david: will be editor: work will be on wiki
   ->  hal: will post prev presentations
   ->  rich: wanted to be able to add page(s) to wiki

     hal: if anyone wants to contribute, go ahead;

   Conformance requirements:
    details of oasis rules posted in last mtg minutes:
    while it appears there is adequate text to meet oasis reqts,
     there may be questions as to the open-endedness of the
     statements, being too broad to be practical to verify.
    Bug in conformance test?: (should be covered by above discussion)

    hal: still need to get 3.0 tests to point where people can determine
	if they are compatible.

III Issues:

Issue status:

  Proposed list of XACML 2.0 ->   3.0 differences:
   Doron proposed:
   comments from Abbie, David B.:

  Attribute predicate
   Greg Neven indicated that he will try to have an update by the next TC

Items below have had no status change since last mtg:

  Examples of XACML implementations
   Ray proposal (pls clarify if context is 2.0/3.0/both?):
   David B. volunteers support:

  xacml-dev: Target Matching question (root PDP Policy issue):
   several follow-up comments from TC and others:

  xacml-users: SAML/XACML usage questions (several msgs in this link):
   related question on saml/xacml schema usage:

  Terminology issue: Need "entity" notion in spec and/or support doc:
   rich has action (last wk's minutes):

Old Issues: (Review status for chgs after F2F):

  F2F - Review minutes for action items, decisions of significance

  Obligations/Advice combining

  WD-20 Questions/Issues

  XACML PEP (nee PDP REST Interface)

  Indeterminate Policy Target

  XACML Implementers Guide

  Attribute predicate profile for SAML and XACML - ray comment

  XACML Metadata

  Attribute predicate Profile for SAML and XACML

  Break The Glass Profile

  Profile Examples (Hierarchy)

  PIP directive (additional information directives)

  Usage of status:missing-attribute in case of an AttributeSelector

  "Web Friendly" Policy Ids

  Specifying a specific associated Resource in a Policy (Sticky Policies)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]