Subject: Minutes for XACML TC Meeting 23 February 2012

I. Roll Call & Approve Minutes

Voting Members
  Crystal Hayes
  Richard Hill
  Rich Levinson
  Hal Lockhart (Chair)
  Bill Parducci (Co-Chair/Minutes)
  Remon Sinnema
  Danny Thorpe
  John Tolbert
  Paul Tyson

Members
  Erik Rissanen

Quorum met: (90% per Oasis)

Minutes from 9 February 2012 TC meeting voted on.
APPROVED UNANIMOUSLY.

II. Administrivia

RSA InterOp Status
RSA next week. Everything is ready to go. John has added some slides, looking for feedback.

ITU and XACML
Abbie Barbir had posted a notification of a presentation to ITU re: XACML v3.0

Media types
Ray got doc started, Robin from Oasis offered to help. Need to get types defined to move forward. Ray asked if there were XACML version dependencies on the types. Hal noted this was not necessary for XML but noted that we need to mechanism for JSON is separate, Ray's initial types should cover these cases.

RuleML
Paul noted that this upload was mostly a "shell" document to frame the conversation.

IPC Profile
John stated that it is in a "frozen" state, until after the interop at RSA. Rich suggested that the typo would affect the sample. Richard noted that this has been corrected in WD-08. WD-07 will be used for the interop.

XACML v3.0 Open Items

Issue #3: Combining Algorithm
Hal summarized the general consensus that the TC proceed with this new algorithm as a separate Profile and leave open the option to take a more detailed look at incorporating this into the core specification at a later date.

Issue #4: Context Handler
Ray will make a proposal for updating the flow-model and clarify Attribute retrieval in section 7.3.5 by the next meeting. Paul offered additional verbiage that effectively notes that all attributes are available "as-is" at the time of evaluation, noting that it is possible that attribute variation may occur during attribute retrieval. Paul will explore how to address this descriptively.

Issue #5: Higher Order Function Generalization
Erik noted that no new work has been done on this.
Hal suggested that the new identifiers be added, leaving the older identifiers. Erik offered that only the 3.0 identifiers be listed and the old identifiers be listed as future deprecation. Paul agreed.

Issue #6: Section 5.29 AttributeDesignator missing xs:element line
Erik will correct this typo.

Issue #7: URI equality
Hal suggested that there be two distinct matching mechanisms for URIs. Erik offered that a code point by code point match is sufficient. Hal asked if there is general consensus that the spec will not address all cases of URI matching, rather Erik's approach will be specified for name space matches and general matching is outside of the scope of the spec. Rich asked that a distinct proposal be made to the list before making a decision. Paul raised a concern that this will create ambiguity on matching. Erik and Hal noted that there is a lot of ambiguity in this function generally. XPath has dropped its definition in v2.0. Paul suggested that we refer to the XACML definition in all cases. Code point matching (effectively string matching with allowance for conversion) will be explored further as it pertains to the spec. Erik will address this in the next WD and post it to the list for review.

Issue #8: Schema Anomalies
Hal observed that you can define Policies with no Rules. Paul noted that this doesn't affect the output of a Policy evaluation because the new combining algorithms allow for this. Hal asked how this is handled. Erik noted that a Policy without any Rules will invoke an algorithm without any Rules. Depending upon the algorithm, the appropriate Permit|Deny|Not Applicable answer will be returned based upon the nature of the algorithm. Erik referred to the TC list from last year as the original discussion. Rich offered that further clarity is necessary for implementation. Erik responded that it is not impractical that special cases be called out in the spec. Hal suggested that "no rule" is unique enough to merit a comprehensive statement.
Paul suggested that this is something that should be defined in a developer's notes. This issue is held until the next call.

Meeting adjourned.