Subject: Minutes 22 August 2013 TC Meeting
I. Roll Call & Minutes

  Roll Call

    Voting Members
      Hal Lockhart (Chair)
      Bill Parducci (Chair)
      Crystal Hayes
      Richard Hill
      Steven Legg
      Rich Levinson

    Members
      Allan Foster
      Danny Thorpe

    Quorum reached. 60% per Oasis

  Approve Minutes:
    8 August 2013 TC Meeting
    Approved unanimously.

II. Administrivia

  NIST ABAC workshop
    agenda, minutes, and presentation slides are available
    https://lists.oasis-open.org/archives/xacml/201308/msg00019.html

  NIST SP 800-162 public review
    Comments Closed last Friday.

  Conversation on Cloud, Privacy, and Healthcare with OASIS and WEDI
    Dee posted information:
    https://lists.oasis-open.org/archives/xacml/201308/msg00029.html

  OASIS IDtrust Member Section Steering Committee Elections Now Open
    Voting ends 11 September 2013
    https://lists.oasis-open.org/archives/xacml/201308/msg00030.html

  JSON Profile
    30 day Public review is under way.
    SL: There seems to be an inconsistency between normative text and
        XML for status codes
    RH: He reads the text to refer to a "primary" status code
    HL: The fact that this has come up before as an issue means we
        should capture as an errata
    SL: It has been posted to the wiki page

  v3.0 Errata link
    A wiki page has been created.
    BP: I have gone through the minutes and added the mentions of
        errata from the minutes to the wiki page.

  Data Loss Prevention Profile
    Richard summarized the DLP Profile posted by John Tolbert recently.
    HL: An aspect of this effort seems to be a pragmatic effort to
        consolidate security across the variety of platforms/systems
        that are involved in this effort to create a common vocabulary
        for the protection of this information.
    HL: John and I discussed possibly a face to face in the DC area to
        explore this in detail, gather use cases, etc. Possible format:
        one day a public forum, the second a TC meeting. Oasis may be
        able to help enlist public interest.

  Digital Policy Management group
    RH: NSA sponsored program to figure out how to move from written
        policy regulation to computer readable format for inter/intra
        agency interaction. XACML appears to be the format that has
        been chosen. Meetings have been held twice/year. DHS presented
        some of the "difficult" issues associated with their work with
        XACML. Richard will post a summary. One major roadblock has
        been the adoption of v3.0 by vendors. The SAML Profile not
        supporting as well.
    HL: SAML Profile is a CS (awaiting attestation)
    RL: There is a technique for using URIs to achieve similar
        functionality as the XPath mechanism
    HL: Policy interoperability is going to become more important as
        these types of initiatives arise.

  Policy Distribution
    RH: It is becoming apparent that mechanisms for Policy management
        need to be developed. Large organizations may have multiple
        XACML implementations (cross vendor). This is going to become a
        roadblock to adoption. How should the TC address this?
    HL: I have made some proposals a few years back. At that time there
        wasn't interest, however I will take an ACTION ITEM to propose
        a set of requirements for such a standard to initiate
        conversation.
    BP: For this to work we will have to drill down to the transport
        protocols.
    HL: The original assumptions were based upon SOAP/XML but we will
        need to revisit this.

III. Issues

  Attributes from other Categories
    RL: I still have not processed Steven's last reply yet. The TC
        should take a look at it because it has significant
        ramifications.

  Resource Location
    HL: There is no real constraint on the format.

Meeting adjourned.