[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 30 May 2013 TC Meeting
Time: 16:30 ET (GMT-0400) Tel: 513-241-0892 Access Code: 65998 Minutes for 30 May 2013 TC Meeting I. Roll Call & Minutes Roll call: Quorum rule 51% of voting members Achieved quorum yes Individual Attendance Contributing Members: 10 of 66 (15%) Voting Members: 8 of 11 (72%) (used for quorum calculation) Company Attendance Contributing Companies: 8 of 30 (26%) Voting Companies: 6 of 8 (75%) Axiomatics David Brossard Member TSSG Bernard Butler Member The Boeing Company Crystal Hayes Voting Member Veterans Health Admin Mohammad Jafari Voting Member ViewDS Steven Legg Voting Member Oracle Rich Levinson Secretary Oracle Hal Lockhart Chair Individual Bill Parducci Chair EMC Remon Sinnema Voting Member The Boeing Company John Tolbert Voting Member Leigh Griffin Visitor we have quorum Approve Minutes: 16 May 2013 TC Meeting https://lists.oasis-open.org/archives/xacml/201305/msg00036.html hal: minutes approved, no objection heard II. Administrivia Presentation at today's meeting: XACML & JS: Access Control Policy Performance paper (IEEE) document is here: https://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=49346 direct link to pdf: PDF w slides has been uploaded: https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/49346/tssgJSONpolicies20130530.pdf Submitter's message PDF of the slides to be presented at the XACML TC on May 30th, covering the topic of JSON-encoded XACML policies. Presented by Steven Davy, Bernard Butler (Waterford Institute of Technology), Leigh Griffin (Sun Life, former WIT) -- Dr. Steven Davy XACML & JS: Access Control Policy Performance paper (IEEE) Rescheduled to 5/30 meeting Bernard Butler presents slides: on policy side xml not directly executed but pdp's own config needs to be triggered. language is xacml 2.0 based and has some unimplemented features such as Obligations hal: oasis policy is that xml schemas are not normative, just that they must be consistent w normative description. bernard: json different "layout" than xml: json based on arrays, hashmaps, etc. impl is one way: xml translates to json, but not reverse req/rsp is similar to json profile that david is working on leigh griffin: discussed json, _javascript_, java noted: aiming for "cloud" which is leaning away from java/xml/soap and moving toward java,scala,_javascript_/json/rest used "redis": key/value database: fast lookup (NoSQL) after pres: hal: 2 maillists dev,users (users unique to this tc) note: xacml originally used xml so tools could be developed about it; however, xacml is a well-defined abstract language, and any alternative notation: json, shorthand, etc would be round trippable: assume the pdp would use its own format internally to represent the policies and evaluate; also the xml req was not intended to be an efficient network representation; finally, all attr vals would already have been fetched and exist in objects hal: schema is guide to syntax but not a required feature, and so avoided any defaulting by not requiring people to look at the schema. motive was that people shouldn't be constrained to specific parser, schema meeting adjourned: 5:43 PM ABAC Draft posted: https://lists.oasis-open.org/archives/xacml/201305/msg00015.html comments due by May 31: john has proposed draft to send to NIST, requesting vote at today's mtg https://lists.oasis-open.org/archives/xacml/201305/msg00080.html john and hal working on TC-overall comments: https://lists.oasis-open.org/archives/xacml/201305/msg00075.html crystal: moves to make john's comments (msg00080) and hal's comments today: https://lists.oasis-open.org/archives/xacml/201305/msg00084.html that john will edit together after the mtg as official tc submission john seconds: hal: unanimous approval, no objections heard rich posted own comments raising same issue as w TC on "Attributes" element being ungrammatical. https://lists.oasis-open.org/archives/xacml/201305/msg00076.html john: since comments already went to vincent hu, no point adding them to tc official comments rich: ok Status of Profiles 3 ballots have been set up for advancing profiles to OS: XACML EC-US Profile v1.0 XACML IPC Profile v1.0 REST Profile of XACML v3.0 Version 1.0 https://lists.oasis-open.org/archives/xacml/201305/msg00070.html hal created wiki page w document status: https://lists.oasis-open.org/archives/xacml/201305/msg00028.html New profile proposal: XACML v3.0 Obligation and Advice Authority (OAA) Profile Version 1.0 uploaded https://lists.oasis-open.org/archives/xacml/201305/msg00071.html several comments on this proposal - see maillist thru May 29: https://lists.oasis-open.org/archives/xacml/201305/maillist.html https://lists.oasis-open.org/archives/xacml/201305/msg00081.html hal: noted Updated JSON profile posted: https://lists.oasis-open.org/archives/xacml/201305/msg00083.html hal: since we are having a presentation, postpone issue discussion until next meeting: (4:50 PM) III. Issues Distribution of obligations across multiple handlers: use cases posted to wiki by David Laurance of jpmorgan: https://lists.oasis-open.org/archives/xacml/201305/msg00063.html JSON Profile - "Category vs Entity|Object issue" original proposal to "elevate" Category: https://lists.oasis-open.org/archives/xacml/201305/msg00021.html rich raise concerns w that (note: this reply was accidentally against msg00022, it should have been against msg00021): https://lists.oasis-open.org/archives/xacml/201305/msg00027.html steven comments on this issue as well: https://lists.oasis-open.org/archives/xacml/201305/msg00029.html Generalizing on-permit-apply-second erik proposal: https://lists.oasis-open.org/archives/xacml/201305/msg00032.html much discussion on above, but issues may have been settled during discussion: https://lists.oasis-open.org/archives/xacml/201305/msg00069.html Errata: XPathCategroy (carrying over for future discussion) Obligations & Combining Algorithms (carrying over for future discussion) --
Thanks, Rich
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]