Subject: Minutes for 4 October 2012 TC Meeting (updated)
Time: 13:00 EDT (GMT-0400)
Tel: 513-241-0892 Access Code: 65998

Minutes for 4 October 2012 TC Meeting (updated):

*** Corrections: for update to minutes, see <correction> tags below
    under the items "TCG IF-MAP" and "Import/Export", from Richard
    and John, respectively.

*** Reminder: starting w next mtg (oct 18) we will be using the
    new time slot of Thursday: 5-6PM ET
    (where ET is current active: EST(GMT-0500) or EDT(GMT-0400))

*** Reminder: next mtg (oct 18) will be pres by Eve Maler on UMA/JACML.

I. Roll Call & Minutes

  Roll call:

    Voting Members
      John Davis
      Crystal Hayes
      Richard Hill
      Rich Levinson    Secretary
      Hal Lockhart     Chair
      Bill Parducci    Chair
      Erik Rissanen
      Remon Sinnema
      Danny Thorpe
      John Tolbert

    Members
      Mohammad Jafari

    Quorum rule        51% of voting members
    Achieved quorum    yes
    Voting Members:    10 of 13 (76%) (used for quorum calculation)

  Agenda review:
    Hal: add item for TCG IF-MAP below req by Richard Hill, John Tolbert

  Approve Minutes:
    20 September 2012 TC Meeting (updated)
    https://lists.oasis-open.org/archives/xacml/201209/msg00042.html

    Minutes approved: no objection to unanimous

II. Administrivia

  RSA 2013 Status:
    "kick-off" mtg conf call: tue oct 9, 1pm ET
    https://lists.oasis-open.org/archives/xacml/201210/msg00000.html

    RSA booth space confirmed:
    https://lists.oasis-open.org/archives/xacml/201209/msg00031.html

    Hal: there is a "doodle poll" up to find out if there is a
      better weekly meeting time.
      we are in for RSA, at least 4 participants; also kmip will be
      there again as last year as well. more on calling a pdp as
      that develops.
      note: earlier proposed interops for oct,nov have been called
      off, because not able to get critical mass of coherence; too
      early for xacml 3.0, little motivation to redo last interop
      w no additional capabilities.

  Reminder: TC Meeting Time Change takes effect for next meeting:
    New time: Thursday 17:00 ET, 14:00 PT
    Start Date: Thursday, 18 October 2012

  XACML v3.0 - Status
    CS-02 Approved as a candidate OASIS Standard (OS) by TC vote,
    which means that TC-Admin will start 60-day public review in
    prep for OASIS membership-wide OASIS Standard ballot.
    https://lists.oasis-open.org/archives/xacml/201209/msg00043.html

    Hal: spec will be posted by tc-admin w some name chgs on cover
      page, etc. - some logistics as well; once posted 60 day rev
      can begin. 60-day review can send it back to wd, but if not,
      then it can go to os.
      immediate: we need to make a submission req: hal will verify
      procedure w chet.
      https://lists.oasis-open.org/archives/xacml/201210/msg00003.html

  UMA/JACML Presentation
    Eve Maler has offered to give a presentation on UMA to explore
    possible commonalities and how our current JSON work may fit
    into their worldview (or vice versa). There is general agreement
    by the TC that this presentation/discussion be made the agenda
    for the 18 October 2012 meeting.

    refs:
      UMA core spec:
      http://tools.ietf.org/html/draft-hardjono-oauth-umacore-05
      other UMA-related specs:
      http://docs.kantarainitiative.org/confluence/display/uma/Working+Drafts

    Hal: Eve will post slides in advance one way or another.

  Profiles:
    REST profile:
      Ray: update will be shortly

    JSON profile:
      Hal: david not here, look at next time.

    Import/Export:
      <correction>
      John: export "was" in pub review
        "EC-US public review ended on September 21."
      </correction>
      John: ipc: addressing issue Erik raised.

  Added item: TCG IF-MAP
    Hal: recalls someone from IF-MAP visited us.

    Richard: provides a repository to map devices; like twitter for
      devices; sends state to map server, which can then provide
      source of info to help security decisions. Want some of the
      operations to either allow/disallow clients to query
      repository, based on xacml; may use internal or external pdp.
      another scenario: can use map server as pip; need some kind of
      data connector to get attrs from it. want to do in
      collaboration w xacml tc; xacml tc would provide profile w
      attr defns.

    <correction>
    Richard: IF-MAP is an Interface for Metadata Access Points. A MAP
      server provides a repository of network device state
      information. Like twitter; devices can publish their state
      information to a map server, which can then be used as a
      source of information when making security decisions.
      One scenario is to provide an internal or external pdp to the
      MAP server to authorize operations to either allow/disallow
      clients to query the MAP repository, etc, based on xacml.
      Another scenario uses a MAP server as a PIP, which would
      require some kind of data connector to get attributes from it.
      We want to work in collaboration with the TCG IF-MAP working
      group; the XACML TC would provide a profile with attribute
      definitions.
    </correction>

    john: been working w juniper, who did pres couple years ago.
      IF-MAP not currently publicly viewable, but to write profile
      would be useful to use their exact language. Looking for
      liaison point to expedite the process;

    hal: richard moves to appoint richard as primary and john as
      alternate from tc.
    john seconds:

    hal: will tc be able to see if-map work products; appointments
      will be for info gathering, but tc reserves right to vote on
      any explicit proposed profile specifics.

    john: possible use of openaz api for network access;

    hal: no objections, further comments so motion above approved.

III. Issues

  Policy Template Profile:
    Wiki page discussion: issues w <Match> stmt usage
    https://lists.oasis-open.org/archives/xacml/201209/msg00040.html
    wiki page:
    https://wiki.oasis-open.org/xacml/Policy%20Template%20Profile
    examples:
    https://wiki.oasis-open.org/xacml/Policy%20Template%20Profile%20Examples

    danny: proposal came thru john-paul (see examples); want to
      reduce number of individual policies to maintain, so subst
      list of params; spotted some issues w match expression;
      proposed some transforms

    steven legg note condition expressions that do not accept
      multiple values; danny says starts to take wind out of it,
      because all the complexibility

    danny: erik suggested attr designator, but that does not apply
      to match.

    erik: would be easier to use existing parameter; matches would
      need to be transformed to conditions, understands problem
      danny mentioned;

    danny: attr desigs can be fulfilled by other than req attrs,
      such as attr retrievers. attr-id originates from backend;
      specifically: an attr-id that comes across the wire in the
      original req, as opposed to the req-ctx which gets all the
      attrs that are processed by the pdp thru attr-desig (rich)

  Media Types IETF Filing
    The TC is encouraged to look at the document and comment.
    http://datatracker.ietf.org/doc/draft-sinnema-xacml-media-type/
    https://lists.oasis-open.org/archives/xacml/201209/msg00027.html

    Ray: it's out there, but no comments yet.

    Hal: people should take a look to make sure looks ok:

  Delegation/Policy Labeling
    Erik said at last mtg that he will be posting something to the
    list soon.
    Current state: delegation profile extension vs. substitution group
    https://lists.oasis-open.org/archives/xacml/201209/msg00001.html

    Erik: still pending.

meeting adjourned 1:41 ET