Subject: Minutes for 30 May 2013 TC Meeting

Time: 16:30 ET (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

I. Roll Call & Minutes

  Roll call:

Quorum rule     	51% of voting members
Achieved quorum 	yes

Individual Attendance
Contributing Members:    10 of 66 (15%) 
Voting Members:           8 of 11 (72%) (used for quorum calculation)

Company Attendance
Contributing Companies:   8 of 30 (26%) 
Voting Companies:         6 of 8 (75%) 

Axiomatics      	David Brossard	Member
TSSG            	Bernard Butler	Member
The Boeing Company	Crystal Hayes	Voting Member
Veterans Health Admin	Mohammad Jafari	Voting Member
ViewDS          	Steven Legg	Voting Member
Oracle          	Rich Levinson	Secretary
Oracle          	Hal Lockhart	Chair
Individual      	Bill Parducci	Chair
EMC             	Remon Sinnema	Voting Member
The Boeing Company	John Tolbert	Voting Member

                 	Leigh Griffin	Visitor
   we have quorum

  Approve Minutes:
   16 May 2013 TC Meeting

    hal: minutes approved, no objection heard

II. Administrivia

  Presentation at today's meeting: 
	XACML & JS: Access Control Policy Performance paper (IEEE)
      document is here:
   direct link to pdf:
    PDF w slides has been uploaded:

    Submitter's message
     PDF of the slides to be presented at the XACML TC on May 30th,
      covering the topic of JSON-encoded XACML policies.
      Presented by Steven Davy, Bernard Butler (Waterford Institute of Technology),
       Leigh Griffin (Sun Life, former WIT)
     -- Dr. Steven Davy 

    XACML & JS: Access Control Policy Performance paper (IEEE)
     Rescheduled to 5/30 meeting

      Bernard Butler presents slides:

	on policy side xml not directly executed but pdp's own config
	 needs to be triggered.

	language is xacml 2.0 based and has some unimplemented
	 features such as Obligations

	hal: oasis policy is that xml schemas are not normative, just
	 that they must be consistent w normative description.

	 json different "layout" than xml: json based on arrays,
	   hashmaps, etc.
	 impl is one way: xml translates to json, but not reverse

	 req/rsp is similar to json profile that david is working on

	leigh griffin: discussed json, JavaScript, java

	  noted: aiming for "cloud" which is leaning away from
	   java/xml/soap and moving toward java, scala, JavaScript/json/rest

	  used "redis": key/value database: fast lookup (NoSQL)

     after pres:

       hal: 2 maillists dev,users (users unique to this tc)
	note: xacml originally used xml so tools could be developed
	 about it; however, xacml is a well-defined abstract language,
	 and any alternative notation: json, shorthand, etc would be
	 round trippable:

	assume the pdp would use its own format internally to represent
	 the policies and evaluate;

	also the xml req was not intended to be an efficient network

	finally, all attr vals would already have been fetched and exist
	 in objects

	hal: schema is guide to syntax but not a required feature,
	 and so avoided any defaulting by not requiring people
	 to look at the schema. motive was that people shouldn't
	 be constrained to specific parser, schema

	meeting adjourned: 5:43 PM

  ABAC Draft posted:
   comments due by May 31:
   john has proposed draft to send to NIST, requesting vote at today's mtg
   john and hal working on TC-overall comments:

     crystal: moves to make john's comments (msg00080) and hal's
      comments today:
      that john will edit together after the mtg as official tc submission
     john seconds:
     hal: unanimous approval, no objections heard

   rich posted own comments raising same issue as w TC on "Attributes"
    element being ungrammatical.

      john: since comments already went to vincent hu, no point adding
	them to tc official comments
      rich: ok

  Status of Profiles
    3 ballots have been set up for advancing profiles to OS:
        XACML EC-US Profile v1.0
        XACML IPC Profile v1.0
        REST Profile of XACML v3.0 Version 1.0

    hal created wiki page w document status:

  New profile proposal:
   XACML v3.0 Obligation and Advice Authority (OAA) Profile Version 1.0 uploaded
   several comments on this proposal - see maillist thru May 29:

   hal: noted

  Updated JSON profile posted:

  hal: since we are having a presentation, postpone issue discussion until
	next meeting: (4:50 PM)

III. Issues

  Distribution of obligations across multiple handlers: use cases posted to wiki
   by David Laurance of jpmorgan:

  JSON Profile - "Category vs Entity|Object issue"
   original proposal to "elevate" Category:
   rich raises concerns w that (note: this reply was accidentally
     against msg00022, it should have been against msg00021):
   steven comments on this issue as well:

  Generalizing on-permit-apply-second
   erik proposal:
   much discussion on above, but issues may have been settled during discussion:

  Errata: XPathCategory
   (carrying over for future discussion)

  Obligations & Combining Algorithms
   (carrying over for future discussion)

Thanks, Rich

