

Subject: Minutes for 4 October 2012 TC Meeting (updated)


Time: 13:00 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 4 October 2012 TC Meeting (updated):

   *** Corrections: for update to minutes, see <correction> tags below
	under the items "TCG IF-MAP" and "Import/Export",
	from Richard and John, respectively.

   *** Reminder: starting w next mtg (oct 18) we will be using
	the new time slot of Thursday: 5-6PM ET
	 (where ET is current active: EST(GMT-0500) or EDT(GMT-0400))

   *** Reminder: next mtg (oct 18) will be pres by Eve Maler on UMA/JACML.


I. Roll Call & Minutes

  Roll call:

 Voting Members
  John Davis
  Crystal Hayes
  Richard Hill
  Rich Levinson	Secretary
  Hal Lockhart	Chair
  Bill Parducci	Chair
  Erik Rissanen
  Remon Sinnema
  Danny Thorpe
  John Tolbert

 Members
  Mohammad Jafari

 Quorum rule		51% of voting members
 Achieved quorum	yes
 Voting Members: 	10 of 13 (76%) (used for quorum calculation)


  Agenda review:

   Hal: add item for TCG IF-MAP below req by Richard Hill, John Tolbert


  Approve Minutes:
   20 September 2012 TC Meeting (updated)
   https://lists.oasis-open.org/archives/xacml/201209/msg00042.html

	Minutes approved: no objection to unanimous


II. Administrivia

  RSA 2013 Status:
   "kick-off" mtg conf call: tue oct 9, 1pm ET
     https://lists.oasis-open.org/archives/xacml/201210/msg00000.html
   RSA booth space confirmed:
     https://lists.oasis-open.org/archives/xacml/201209/msg00031.html

      Hal: there is a "doodle poll" up to find out if there is a better
	weekly meeting time.

	we are in for RSA, at least 4 participants; also kmip will be
	 there again as last year as well.

	more on calling a pdp as that develops.

	note: earlier proposed interops for oct,nov have been called off,
	 because not able to get critical mass of coherence; too early
	 for xacml 3.0, little motivation to redo last interop w no
	 additional capabilities.


  Reminder: TC Meeting Time Change takes effect for next meeting:
   New time: Thursday 17:00 ET, 14:00 PT
   Start Date: Thursday, 18 October 2012


  XACML v3.0 - Status
   CS-02 Approved as a candidate OASIS Standard (OS) by TC vote,
    which means that TC-Admin will start 60-day public review
    in prep for OASIS membership-wide OASIS Standard ballot.
     https://lists.oasis-open.org/archives/xacml/201209/msg00043.html

    Hal: spec will be posted by tc-admin w some name chgs on cover page,
	etc. - some logistics as well; once posted 60 day rev can begin.

     60-day review can send it back to wd, but if not, then it can go to os.

     immediate: we need to make a submission req: hal will verify procedure w chet.
       https://lists.oasis-open.org/archives/xacml/201210/msg00003.html


  UMA/JACML Presentation
   Eve Maler has offered to give a presentation on UMA to explore possible
   commonalities and how our current JSON work may fit into their worldview
   (or vice versa). There is general agreement by the TC that this
   presentation/discussion be made the agenda for the 18 October 2012
   meeting.
    refs:
     UMA core spec:
      http://tools.ietf.org/html/draft-hardjono-oauth-umacore-05
     other UMA-related specs:
      http://docs.kantarainitiative.org/confluence/display/uma/Working+Drafts

    Hal: Eve will post slides in advance one way or another.

  Profiles:

    REST profile:
      Ray: update will be shortly

    JSON profile:
      Hal: david not here, look at next time.

    Import/Export:
     <correction>
      John: export "was" in pub review
          "EC-US public review ended on September 21."
     </correction>

      John: ipc: addressing issue Erik raised.

  Added item: TCG IF-MAP
    Hal: recalls someone from IF-MAP visited us.
    Richard: provides a repository to map devices; like twitter for devices;
	sends state to map server, which can then provide source of info
	to help security decisions. Want some of the operations to either
	allow/disallow clients to query repository, based on xacml; may
	use internal or external pdp.

	another scenario: can use map server as pip; need some kind of
	data connector to get attrs from it. want to do in collaboration
	w xacml tc; xacml tc would provide profile w attr defns.

   <correction>
    Richard: IF-MAP is an Interface for Metadata Access Points.
	A MAP server provides a repository of network device state information.
	Like twitter; devices can publish their state information to a map server,
	 which can then be used as a source of information when making security
	 decisions.
	One scenario is to provide an internal or external pdp to the MAP server
	 to authorize operations to either allow/disallow clients to query
	 the MAP repository, etc, based on xacml.

	Another scenario uses a MAP server as a PIP, which would require some kind
	 of data connector to get attributes from it.
	We want to work in collaboration with the TCG IF-MAP working group;
	 the XACML TC would provide a profile with attribute definitions.
   </correction>

   john: been working w juniper, who did pres couple years ago. IF-MAP not
	currently publicly viewable, but to write profile would be useful
	to use their exact language. Looking for liaison point to expedite
	the process;

   hal: richard moves to appoint richard as primary and john as alternate
	from tc.
	john seconds:

   hal: will tc be able to see if-map work products; appointments will be
	for info gathering, but tc reserves right to vote on any explicit
	proposed profile specifics.

   john: possible use of openaz api for network access;

    hal: no objections, further comments so motion above approved.

III. Issues

  Policy Template Profile: Wiki page discussion:
   issues w <Match> stmt usage
    https://lists.oasis-open.org/archives/xacml/201209/msg00040.html
   wiki page:
    https://wiki.oasis-open.org/xacml/Policy%20Template%20Profile
   examples:
    https://wiki.oasis-open.org/xacml/Policy%20Template%20Profile%20Examples

    danny: proposal came thru john-paul (see examples); want to reduce number
	of individual policies to maintain, so subst list of params;

	spotted some issues w match expression; proposed some transforms

	steven legg note condition expressions that do not accept multiple
	 values; danny says starts to take wind out of it, because all
	 the complexity

	danny: erik suggested attr designator, but that does not
	 apply to match.

	erik: would be easier to use existing parameter; matches would need
	 to be transformed to conditions, understands problem danny mentioned;

	danny: attr desigs can be fulfilled by other than req attrs, such as
	 attr retrievers. attr-id originates from backend;

	 specifically: an attr-id that comes across the wire in the original req,
	  as opposed to the req-ctx which gets all the attrs that are processed
	  by the pdp thru attr-desig (rich)

  Media Types IETF Filing
   The TC is encouraged to look at the document and comment.
    http://datatracker.ietf.org/doc/draft-sinnema-xacml-media-type/
    https://lists.oasis-open.org/archives/xacml/201209/msg00027.html

   Ray: it's out there, but no comments yet.
   Hal: people should take a look to make sure looks ok:


  Delegation/Policy Labeling
   Erik said at last mtg that he will be posting something to the list soon.
   Current state: delegation profile extension vs. substitution group
   https://lists.oasis-open.org/archives/xacml/201209/msg00001.html

    Erik: still pending.


	meeting adjourned 1:41 ET



