OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes for XACML TC Meeting 23 Fenruary 2012


I. Roll Call & Approve Minutes:
 Voting Members
  Crystal Hayes
  Richard Hill
  Rich Levinson
  Hal Lockhart (Chair)
  Bill Parducci (Co-Chair/Minutes)
  Remon Sinnema
  Danny Thorpe
  John Tolbert
  Paul Tyson

 Members
  Erik Rissanen
 Quorum met: (90% per Oasis)

Minutes from 9 February 2012 TC meeting voted on.
  APPROVED UNANIMOUSLY.

II. Administrivia
 RSA InterOp Status
  RSA next week. Everything is ready to go. John has added some slides,
  looking for feedback.

 ITU and XACML
  Abbie Barbir had posted a notification a presentation to ITU re: XACML
  v3.0

 Media types
  Ray got doc started, Robin from Oasis offered to help. Need to get
  types defined to move forward. Ray asked if there were XACML version
  dependencies on the types. Hal noted this was not necessary for XML 
  but noted that we need to mechanism for JSON is separate, Ray's
  initial types should cover these cases.

 RuleML
  Paul noted that this upload was mostly a "shell" document to frame
  the conversation. 

 IPC Profile
  John stated that it is in a "frozen" state, until after the interop
  at RSA. Rich suggested that the typo would affect the sample. Richard
  noted that this has been corrected in WD-08. WD-07 will be used for
  the interop.

 XACML v3.0 Open Items
  Issue #3:  Combining Algorithm
  Hal summarized the general consensus that the TC proceed this new
  algorithm as a separate Profile and leave open the option to take a
  more detailed look at incorporating this into the core specification
  at a later date.

  Issue #4 Context Handler
  Ray will make a proposal for updating the flow-model and clarify
  Attribute retrieval in section 7.3.5 by the next meeting. Paul
  offered that additional verbiage that effectively notes that all
  attributes are available "as-is" at the time of evaluation, noting
  that is possible for attribute variation may occur during attribute
  retrieval. Paul will explore how to address this descriptively.

  Issue #5: Higher Order Function Generalization
  Erik noted that no new work has been done on this. Hal suggested that
  the new identifiers be added, leaving the older identifiers. Erik
  offered that only the 3.0 identifiers be listed and the old
  identifiers be listed as future deprecation. Paul agreed.

  Issue 6: Section 5.29 AttributeDesignator missing xs:element line
  Erik will correct this typo.

  Issue 7: URI equality
  Hal suggested that there be two distinct matching mechanisms for URIs.
  Erik offered that a code point by code point match is sufficient. Hal
  asked if there is general consensus that the spec will not address all
  cases of URI matching, rather Erik's approach will be specified for
  name space matches and general matching is outside of the scope of
  the spec. Rich asked that a distinct proposal be made to the list
  before making a decision. Paul raised a concern that this will create
  ambiguity on matching. Erik, Hal noted that there is a lot ambiguity
  in this function generally. XPath has dropped it's definition in v2.0.
  Paul suggested that we refer to the XACML definition in all cases.
  Code point matching (effectively string matching with allowance for
  conversion) will be explored further as it pertains to the spec. Erik
  will address this in the next WD and post it to the list for review.

  Issue #8 Schema Anomalies
  Hal observed that you can define Policies with no Rules. Paul noted
  that this doesn't effect the output of a Policy evaluation because
  the new combining algorithms allow for this. Hal asked how this is
  handled. Erik noted that a Policy without any Rules will invoke and
  algorithm without any Rules. Depending upon the algorithm, the
  appropriate Permit|Deny|Not Applicable answer will be returned based
  upon the nature of the algorithm. Erik referred to the TC list from
  last year as the original discussion. Rich offered that further
  clarity is necessary for implementation. Erik responded that it is
  not impractical that special cases be called out in the spec. Hal
  suggested that "no rule" is unique enough to merit a comprehensive
  statement. Paul suggested that this is something that should be
  defined in a developer's notes. This issue is held until the next
  call. 

meeting adjourned.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]