[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 13 June 2013 TC meeting
Time: 16:30 ET (GMT-0500) Tel: 513-241-0892 Access Code: 65998 I. Roll Call Voting Members: Hal Lockhart (Chair) Bill Parducci (Chair) Crystal Hayes Richard Hill Mohammad Jafari Steven Legg Remon Sinnema John Tolbert Members David Brossard Quorum met: 72% Approve Minutes: 30 May 2013 TC Meeting Approved unanimously II. Administrivia Request/Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded David: Request's feedback. will upload a clean version and will submit for Committee Draft. TC members encouraged to review. David noted that Attributes were mapped to Category in JSON. Steven/Hal: noted that Rich was in favor of Entity. There were no objections to the use of Entity. This will be reflected in the next version. Hal: This will be a 30-day review since it is the first review. Response to NIST Hal: response to NIST ABAC document was sent. NIST ABAC Workshop Hal and John Tolbert received invites. John: reviewed the context of NIST work based upon his recent interaction with the group. John has extended an invitation to anyone in the TC who is interested to participate. Hal and someone from Axiomatics will be in attendance for this 1-day event in Maryland. Export Compliance Profile Candidate Oasis Standard: PASSED IPC Profile Candidate Oasis Standard: PASSED ACTION ITEM: Editors are requested to begin collecting the materials necessary for submission of vote for specification. (Section 3.4.1, Items A-K) John: Would like to submit both of these with REST REST Profile Candidate Oasis Standard: FAILED VOTE to request TC Administration to start a Special Majority Vote to approve Committee Specification REST Profile of XACML v3.0, Version 1.0 as an Oasis Standard. Authoritative Version: http://docs.oasis-open.org/xacml/xacml-rest/v1.0/cs01/xacml-rest-v1.0-cs01.doc Motion to request: Remon Sinnema Second: David Broussard VOTE: Approved unanimously TCG TNC MAP Content Authorization Spec Richard: This specification is much detailed than the Profile that was submitted. Should the comments be submitted individually or rolled-up? Hal: The TC is encouraged to review the work. Individual feedback is the only practical manner given the timeline. III. Issues NEW OAuth Scope expressed in XACML Hal: briefly reviewed OAuth and how XACML fits in with OAuth "Scope". This approach solves a perceived gap in OAuth using mostly existing XACML machinery. The solution depends upon a mapping of XACML Policy onto JSON. XSPA New Use Case Mohammad: A Policy is dynamically created in the Request Context. The goal is to attach a Policy with the request and submit it to the PDP. Hal: v3.0 this can be supported with administrative delegation Profile. They exist in the Request Context, but require an Admin Policy that allows the requester to evoke that policy. Steven: This is actually in the SAML Profile. Also, the JSON encoding doesn't provide this capability in a Request. Distribution of obligations across multiple handlers Use cases posted to wiki TC Members encouraged to review. JSON Profile - "Category vs Entity|Object issue" No discussion. Generalizing on-permit-apply-second Bill: I'm withholding further comment until Erik is able post his proposal. Errata: XPathCategroy Hal: This bring to mind the effort to track v3.0 errata. ACTION ITEM: Bill to check status. Obligations & Combining Algorithms Steven: Looking for a way to make Obligations easier to handle to avoid making big changed to the Core spec. Erik has since then come back suggesting that we may wish to pursue something more aggressive. Hal: This is something that we will likely need to get a handle on pretty soon given the increase in interest in the area. meeting adjourned.