Subject: Minutes for 8 August 2013 TC Meeting

Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 8 August 2013 TC Meeting

I. Roll Call & Minutes

  Roll Call:

Achieved quorum	yes
Voting Members: 9 of 10 (90%) (used for quorum calculation) 
Crystal Hayes
Richard Hill
Steven Legg
Rich Levinson
Hal Lockhart
Bill Parducci
Remon Sinnema
John Tolbert
Mohammad Jafari

Attending members (non-voting):
Greg Smith
  bill: we have quorum

  Approve Minutes:
   25 July 2013 TC Meeting

  hal: any objections to unanimous consent? none heard.

II. Administrivia

  RSA Europe (ray: anyone attending?):

    no comments

  IDtrust Steering Committee annual Nominations and Election Process
    * extended until Aug 16, 2013

  NIST SP 800-162 public review extended (hal: extended to 8/16):
   "Guide to Attribute Based Access Control (ABAC) Definition and Considerations"
    (note: still same version we reviewed in spring 2013: last mod: 4/24/13: 11:34AM)

     nothing new on this item   

  Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0 uploaded
    was voted last mtg to Committee Draft status, and to be put
     out for 30-day public review: progress?

  hal: note from chet today: tickets in queue from tc admin
  chet's email:

  Wish List for XACML (steven - added new items)
   wiki (full list):

    hal: feedback on new version: ranges from not essential at this time,
	to a really bad idea at this time.
       working model for now is building on existing concepts.

    steven: should go in errata, not wish list

    bill: emailed link to errata page:

III. Issues

  Target definition (john):

  hal: in 3.0 we changed the details, but high level defn not clear
        The set of decision requests, identified by definitions for resource, subject
         and action that a rule, policy, or policy set is intended to evaluate
        The set of decision requests, identified by definitions for resource, subject
         and action that a PDP is intended to evaluate according to the applicable
         rule, policy, or policy set

  Resource location (john):

    john: wouldn't it be better to import rules: DLP fcns (data loss prevention):
      how to stdize policy, rules for interoperable notions of how these
      std ops are protected:
     considering writing proposed profile to address this notion;
     also building policies around some std policies
    richard: is network access part of dlp or not?
    john: probably overlaps; dlp profile, nac profile,

  How to get attributes from other categories (continued)
   steven: https://lists.oasis-open.org/archives/xacml/201308/msg00001.html
   rich:   https://lists.oasis-open.org/archives/xacml/201307/msg00030.html
   steven: https://lists.oasis-open.org/archives/xacml/201307/msg00029.html
   rich:   https://lists.oasis-open.org/archives/xacml/201307/msg00028.html
   steven: https://lists.oasis-open.org/archives/xacml/201307/msg00015.html

    rich: explained email (that was sent after agenda):

    steven: has not read email yet, but wanted to mention the discussion
	on the "XPathCategory" issue that rich raised:
        claims there is no sense of redirection intended, even though
	 it could be technically used in that manner, but
	 that would be beyond the scope of the current spec defn.
	context selector id that attr selector specifies
	 impression primary use case is xpath selector fcn,
         and that is restricted to current category.

    rich: it is that restriction, that iro (in rich's opinion),
	effectively renders XPathCategory redundant and useless,
	so logical conclusion is that if this xml attr has been
	added, it must have some purpose, and, in order to give
	it any possible purpose, the restriction must be removed.
	(keeping in mind that the analysis leading to this
	 conclusion is possibly wrong as well, in which case
	 clarification is requested to explain the usage)

    hal: have we created functionality that is not usable; people
	need to look at xpathcategory

         define use cases - can they be separated;
	  try to separate threads for xpathcategory, the use case itself,
	   etc. i.e. what issues were dropped in rich's latest email
	   that tried to re-baseline the discussion.
  ->       rich will send email to try to sort things out, as
	    he already has notes to that effect which were
	    not included in latest email.

	 attrs of relations, easy to find info when; where are the
	  cross correlations going to be kept? 

    hal: any additional joiners:
	mohammad: joined just after roll call
	greg smith: from boeing, please add to list

	meeting adjourned: ~5:10PM EDT
Thanks, Rich

Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
