OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes 4 April 2013 TC Meeting


Time: 16:30 ET (GMT-0500)
Tel: 513-241-0892
Access Code: 65998

I. Roll Call
  Voting Members:
   Crystal Hayes
   Richard Hill
   Mohammad Jafari
   Steven Legg
   Rich Levinson
   Hal Lockhart (Co-Chair)
   Bill Parducci (Co-Chair)
   Richard Skedd
   Danny Thorpe
   John Tolbert

  Qurom: 10 of 12 (83% per Oasis site)

  Approve Minutes:
   21 March 2013 TC Meeting
   APPROVED UNANIMOUSLY

II. Administrivia
  IPC/EC-US Profiles
   These have received sufficient number of Attestations to proceed to 
   Oasis standards vote. John indicated that he was interested in taking 
   that step. Hal noted that the next step will be to gather the 
   appropriate documentation for submission.

  ITU-T Submission
   The vote to submit XACML Core v3.0 to ITU-T is currently at 10 
   votes and officially closes this evening. Oasis is working on the 
   submission today to present to ITU-T.

  ANSI cross certification 
   John asked that the ramifications of this were to XACML. Hal noted 
   that this is more of something at the "Oasis Level" and should not have 
   an immediate effect on the TC. Hal will discuss further with Oasis.

  REST Profile
   Bill noted that CS status vote is currently at 10 votes to 
   approve. John asked if Attestations can begin. Hal clarfied that they 
   may once the ballot closes and that there is no official request 
   mechanism. The URL needs to be published on the doc server to generate 
   Attestations however, this will be published at the close of the ballot.

  RSA 2014
   Hal sent a note to Jane Harnad a few weeks ago stating that the TC 
   is interested but unlikely able to get financial commitments by the end 
   of the month. He will follow-up with her to determine what the current 
   state of this is.

  XACML & JS 
   Hal noted that Waterford Institute posted a paper of an XACML subset 
   in Javascript. They are in the process of joining Oasis. Hal proposed 
   that they have 30 minutes on next call to discuss, which was met with 
   general consensus by the group. The Chairs will reach out to the 
   authors to schedule the presentation. Danny asked if this work was 
   representational or PDP implementation. Hal responded that he believes 
   both, although only with a subset of the full specification.

  MAP Profile
   Richard reviewed MAP Profile. Trusted Computing group slated to 
   release their work. He intends to release the XACML MAP Profile draft 
   sometime soon thereafter. Richard proposed to invite a speaker from 
   Juniper to discuss MAP, tentatively at the 5/2 meeting. There is 
   general consensus to pursue this, schedule permitting.

III. Issues
  Obligations and Combiners
   Steven summarized the current discussion thus: When 2 rules are 
   applicable in an evaluation and one carries an Obligation while the 
   other doesn't, the determination of how this is applied is not 
   specified (non deterministic). He then reviewed the discussion the list 
   and listed 3 alternatives being proposed:

   * Steven: concept of the Obligation & Advice Authority
   * Mohammad: extend current language for combining
   * David: leave the language as is (issue unmerited)

   Bill verified that the OAA proposal introduces reduces Obligation 
   processing to the final Subject, Action, Resource, thereby stripping 
   out potential Obligations conflicts gathered during rule processing. 
   Steven clarified that the decision made by the Context handler would 
   pass and additional attribute to the OAA indicating Action derived. 
   Danny also voiced interest in this approach. 
   Mohammad reiterated a point he made on the list describing the need 
   for all contextual information to be passed to the OAA (and issues that 
   may cause), to which Steven responded that he felt that case to be 
   unlikely. Hall encouraged the TC to bring forth "real world" Use Cases 
   that can be used as the basis for addressing the issue going forward. 
   Hal further stated that he currently believes at least some of the 
   issues being addressed by the OAA could be handled by moving 
   Obligations higher in the Policy hierarchy. 

meeting adjourned.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]