"There seems to be a level of
ambiguity in the evaluation (of policysets,
policies, and rules) that has ramifications on
The comment was based on my
understanding of the "ordered" combining
rules. The following comment is in the description of
"The following pseudo-code
represents the normative specification of this
combining algorithm. The algorithm is presented here
in a form where the
input to it is an array with children (the policies,
policy sets or rules) of the
policy or policy set.
The children may be processed in any order, so the set
of obligations or
advice provided by this algorithm is not
same comment appears in the "permit-overrides",
and "permit-unless-deny" algorithms.
The same situation existed in XACML 2.0 although the
effect on Obligations was
not as explicitly stated, although there was one
general comment in
2.0 section 7.14 "Obligations".
Time: 15:00 ET (GMT-0500)
I. Roll Call
Hal Lockhart (Chair)
Bill Parducci (Chair, minutes)
Quorum: YES (8 of 11 - 72%)
21 February 2013 TC Meeting
Future TC meeting times
Options (ET): 9:00am, 4:30pm, 5:00pm, 11:00pm
TC has 24 hours to submit additional time proposals to Bill who will
create a ballot on the Oasis site, duration one week. Format "vote
against" poll. results will be used to update time of TC meetings
Status EC-US/IPC Profiles
Passed review for CS status. Ready for Attestations.
John: Demonstrated new technology, went well. Higher degree of
interoperatbilty demonstrated over pervious years.
Action Item: Hal will gather materials from interop, confirm
approval to share and post demo materials.
Oasis is asking for 2014 participation now. Any interested parties
are encouraged to voice interest as soon as is feasible by posting
to the list.
John: A Profile for ISMAP would make for an interesting demo
XACML v3.0 Issues and Errata
Hal: There is an official process for errata. Main limitation is
only releasable annually. The wiki is likely the best place to
capture the errata.
Stephen: Example in REST Profile in what response should be
(non-normative). Remon explained that the text was
speculative based upon assumptions of operation.
Hal: suggest that there is a comment that highlights this
Starter Document/Obligation Profile for Healthcare
Mohammed: some of the Obligation material goes beyond the HC Profile.
Those things should come out into a more general Profile
and retain the HC specific content in a separate profile.
Hal: suggested mechanism for ensuring consistency of version in the
Hal: It is important that our next foray into Obligations should
drive semantics into a workable solution. TC members should
start considering requirements. Hal offered that his preference
is that the PDP remain unchanged in Obligation processing.
Perhaps PDP changes could be considered later. Use cases that
would not allow for this requested. Finally, the relationship
between Policy processing and Obligation need to be revisited
to address Obligations that are part of Policies dropped during
Mohammed: Combining algorithms seem to ignore Obligations.
Bill: There are some old discussions re: Obligations on the wiki for
those interested in looking at the historical discussions.
XACML v3.0 - multiple category elements, normative ambiguity?
Rich: There seems to be a level of ambiguity in the evaluation that
has ramifications on Obligations.
Hal: Please post any such finding so that we can explore it
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at: