Minutes for 27 June 2013 TC Meeting

[rich levinson <rich.levinson@oracle.com>]

Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 27 June 2013 TC Meeting

I. Roll Call & Minutes

 Roll call:

Voting Members

Crystal Hayes   The Boeing Company
Richard Hill    The Boeing Company   
Steven Legg     ViewDS    
Rich Levinson   Oracle    
Hal Lockhart    Oracle    
Remon Sinnema   EMC
Danny Thorpe    Dell
John Tolbert    The Boeing Company

  hal: we have quorum

 Approve Minutes:
  13 June 2013 TC Meeting
  https://lists.oasis-open.org/archives/xacml/201306/msg00008.html

   hal: any objections: none heard; minutes approved

II. Administrivia

   New:

    note: since agenda, wd-5 has been posted:
      https://lists.oasis-open.org/archives/xacml/201306/msg00045.html
    xacml-3.0-combalgs-v1.0-wd04.doc uploaded
     https://lists.oasis-open.org/archives/xacml/201306/msg00019.html
      core spec issue?
       erik:   https://lists.oasis-open.org/archives/xacml/201306/msg00020.html
       bill:   https://lists.oasis-open.org/archives/xacml/201306/msg00022.html
       erik:   https://lists.oasis-open.org/archives/xacml/201306/msg00023.html
       erik:   https://lists.oasis-open.org/archives/xacml/201306/msg00024.html


    Request/Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded
     https://lists.oasis-open.org/archives/xacml/201305/msg00083.html
      David has requested additional feedback and will then
       issue an update based on last mtg minutes

	hal: david sent regrets for today; has not updated profile yet.


    Response to NIST and planned workshop:
     https://lists.oasis-open.org/archives/xacml/201305/msg00085.html
    NIST ABAC Workshop - Call for participation
     https://lists.oasis-open.org/archives/xacml/201306/msg00004.html
      hal has provided a link to the:
       NIST: Attribute Based Access Control Workshop
        http://www.nist.gov/itl/csd/attribute-based-access-control-workshop-july-17-2013.cfm

   hal: in last 1/2 hr Jamie posted item:
     https://lists.oasis-open.org/archives/xacml/201306/msg00051.html


    Vote: REST Profile Candidate Oasis Standard
     PASSED
      approval:     https://lists.oasis-open.org/archives/xacml/201306/msg00036.html
      ballot setup: https://lists.oasis-open.org/archives/xacml/201306/msg00014.html


    Request for Comments: TCG TNC MAP Content Authorization Spec
     https://lists.oasis-open.org/archives/xacml/201306/msg00003.html
     http://www.trustedcomputinggroup.org/resources/tnc_map_content_authorization
      TC will not respond as spec too detailed for collective analysis,
       however, individuals were encouraged to provide feedback at last tc mtg,
       but review period ended as of June 18.

   MAP work:
     richard: making updates to working draft of MAP profile: please
	send comments to richard and list; also question of default
	algorithm and policy question is answered, as each product
	documents comb-alg wrt def policy.

    wiki page for errata set up:
      https://lists.oasis-open.org/archives/xacml/201306/msg00009.html

III. Issues

  New:
   Request Clarification on section 7.17 Authz decision of the 3.0 Core Spec
    on behalf of tcg effort, Richard is requesting clarification:
     richard: https://lists.oasis-open.org/archives/xacml/201306/msg00035.html
     david:   https://lists.oasis-open.org/archives/xacml/201306/msg00038.html
     steven:  https://lists.oasis-open.org/archives/xacml/201306/msg00039.html
     ray:     https://lists.oasis-open.org/archives/xacml/201306/msg00040.html

	richard: issue dealt w satisfactorily
      additional comments after agenda posted (consistent w above comments):
     hal:     https://lists.oasis-open.org/archives/xacml/201306/msg00047.html


   Obligations & Combining Algorithms: discussion emails:
    steven: https://lists.oasis-open.org/archives/xacml/201306/msg00010.html
    erik:   https://lists.oasis-open.org/archives/xacml/201306/msg00012.html
    bill:   https://lists.oasis-open.org/archives/xacml/201306/msg00013.html
    steven: https://lists.oasis-open.org/archives/xacml/201306/msg00018.html


   OAuth Scope expressed in XACML
    https://lists.oasis-open.org/archives/xacml/201306/msg00001.html
    https://lists.oasis-open.org/archives/xacml/201306/msg00000.html
     much discussion:
      steven: https://lists.oasis-open.org/archives/xacml/201306/msg00011.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00015.html
      steven: https://lists.oasis-open.org/archives/xacml/201306/msg00017.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00015.html
      steven: https://lists.oasis-open.org/archives/xacml/201306/msg00017.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00021.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00025.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00026.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00027.html
      allan:  https://lists.oasis-open.org/archives/xacml/201306/msg00028.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00029.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00030.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00031.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00031.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00033.html
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00034.html
      steven: https://lists.oasis-open.org/archives/xacml/201306/msg00041.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00042.html
      hal:    https://lists.oasis-open.org/archives/xacml/201306/msg00043.html

     hal: posted slide deck and update for collaborative work w HP?
       https://lists.oasis-open.org/archives/xacml/201306/msg00048.html
       https://lists.oasis-open.org/archives/xacml/201306/msg00049.html

     additional post-agenda comments:
      tony:   https://lists.oasis-open.org/archives/xacml/201306/msg00046.html
 

    JSON Profile - "Category vs Entity|Object issue"
     rich: for reference, here is a recent description of the issue that I sent
      to NIST and cc'd the TC in May:
       https://lists.oasis-open.org/archives/xacml/201305/msg00076.html

     rich: the issue is doucmented in this email for ref for JSON, core spec,
	and NIST, all of which have context wrt issue.


   CARRIED OVER (no new info on these today, some commenters not in attendance)

    Distribution of obligations across multiple handlers:
     use cases posted to wiki

    Generalizing on-permit-apply-second

    Errata: XPathCategory


  hal: no additional comments:
	next mtg July 11, 2013 @ 4:30 EDT

	adjourned 4:49PM

--
Thanks, Rich

Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
Oracle is committed to developing practices and products that help protect the environment