OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes 22 August 2013 TC Meeting

I. Roll Call & Minutes
 Roll Call
  Voting Members
   Hal Lockhart (Chair)
   Bill Parducci (Chair)
   Crystal Hayes
   Richard Hill
   Steven Legg
   Rich Levinson
   Allan Foster
   Danny Thorpe

  Quorum reached.
   60% per Oasis

 Approve Minutes:
  8 August 2013 TC Meeting
  Approved unanimously.

II. Administrivia  

  NIST ABAC workshop agenda, minutes, and presentation slides are available

  NIST SP 800-162 public review Comments
   Closed last Friday.

  Conversation on Cloud, Privacy, and Healthcare with OASIS and WEDI
   Dee posted information:

  OASIS IDtrust Member Section Steering Committee Elections Now Open
  Voting ends 11 September 2013

  JSON Profile
   30 day Public review is under way.
   SL: There seems to be an inconsistency between normative text
       and XML for status codes
   RH: He reads the the text to refer to a "primary" status code
   HL: The fact that this has come up before as an issue means we
        should capture as an errata
   SL: It has been posted to the wiki page
  v3.0 Errata link
   A wiki page has been created.
   BP: I have gone through the minutes and added the mentions of 
       errata from the minutes to the wiki page. 
  Data Loss Prevention Profile
   Richard summarized the DLP Profile posted by John Tolbert recently.
   HL: An aspect of this effort seems to be a pragmatic effort to 
       consolidate security across the variety of platforms/systems 
       that are involved in this effort to create a common vocabulary
       for the protection of this information.
   HL: John and I discussed possibly a face to face in the DC area to
       explore this in detail, gather use cases, etc. Possible format:
       one day a public forum, the second a TC meeting. Oasis may be
       able to help enlist public interest.
  Digital Policy Management group
   RH: NSA sponsored program to figure out how to move form 
       written policy regulation to computer readable format for 
       inter/intra agency interaction. XACML appears to be the 
       format that has been chosen. Meetings have been held 
       twice/year. DHS presented some of the "difficult" issues
       associated with their work with XACML. Richard will post
       a summary. One major roadblock has been the adoption of
       v3.0 by vendors. The SAML Profile not supporting as well.
   HL: SAML Profile is a CS (awaiting attestation)
   RL: There is a technique for using URIs to achieve similar 
       functionality as the XPath mechanism
   HL: Policy interoperability is going to become more important as
       these types of initiatives arise.
  Policy Distribution
   RH: It is becoming apparent that mechanisms for Policy management 
       need to be developed. Large organizations may have multiple 
       XACML implementations (cross vendor). This is going to become 
       a roadblock to adoption. How should the TC address this?
   HL: I have made some proposals a few years back. At that time there
       wasn't interest, however I will take an ACTION ITEM to propose 
       a set of requirements for such a standard to initiate 
   BP: For this to work we will have to drill down to the transport protocols.
   HL: The original assumptions wer based upon SOAP/XML but we will need to
       revisit this.

III. Issues
  Attributes from other Categories
    RL: I still have not processed Steven's last reply yet. The TC
        take a look at it because it has significant ramifications.

  Resource Location
   HL: There is no real constraint on the format.

meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]