[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 22 August 2013 TC Meeting
I. Roll Call & Minutes
Roll Call
Voting Members
Hal Lockhart (Chair)
Bill Parducci (Chair)
Crystal Hayes
Richard Hill
Steven Legg
Rich Levinson
Members
Allan Foster
Danny Thorpe
Quorum reached.
60% per Oasis
Approve Minutes:
8 August 2013 TC Meeting
Approved unanimously.
II. Administrivia
NIST ABAC workshop agenda, minutes, and presentation slides are available
https://lists.oasis-open.org/archives/xacml/201308/msg00019.html
NIST SP 800-162 public review Comments
Closed last Friday.
Conversation on Cloud, Privacy, and Healthcare with OASIS and WEDI
Dee posted information:
https://lists.oasis-open.org/archives/xacml/201308/msg00029.html
OASIS IDtrust Member Section Steering Committee Elections Now Open
Voting ends 11 September 2013
https://lists.oasis-open.org/archives/xacml/201308/msg00030.html
JSON Profile
30 day Public review is under way.
SL: There seems to be an inconsistency between normative text
and XML for status codes
RH: He reads the the text to refer to a "primary" status code
HL: The fact that this has come up before as an issue means we
should capture as an errata
SL: It has been posted to the wiki page
v3.0 Errata link
A wiki page has been created.
BP: I have gone through the minutes and added the mentions of
errata from the minutes to the wiki page.
Data Loss Prevention Profile
Richard summarized the DLP Profile posted by John Tolbert recently.
HL: An aspect of this effort seems to be a pragmatic effort to
consolidate security across the variety of platforms/systems
that are involved in this effort to create a common vocabulary
for the protection of this information.
HL: John and I discussed possibly a face to face in the DC area to
explore this in detail, gather use cases, etc. Possible format:
one day a public forum, the second a TC meeting. Oasis may be
able to help enlist public interest.
Digital Policy Management group
RH: NSA sponsored program to figure out how to move form
written policy regulation to computer readable format for
inter/intra agency interaction. XACML appears to be the
format that has been chosen. Meetings have been held
twice/year. DHS presented some of the "difficult" issues
associated with their work with XACML. Richard will post
a summary. One major roadblock has been the adoption of
v3.0 by vendors. The SAML Profile not supporting as well.
HL: SAML Profile is a CS (awaiting attestation)
RL: There is a technique for using URIs to achieve similar
functionality as the XPath mechanism
HL: Policy interoperability is going to become more important as
these types of initiatives arise.
Policy Distribution
RH: It is becoming apparent that mechanisms for Policy management
need to be developed. Large organizations may have multiple
XACML implementations (cross vendor). This is going to become
a roadblock to adoption. How should the TC address this?
HL: I have made some proposals a few years back. At that time there
wasn't interest, however I will take an ACTION ITEM to propose
a set of requirements for such a standard to initiate
conversation.
BP: For this to work we will have to drill down to the transport protocols.
HL: The original assumptions wer based upon SOAP/XML but we will need to
revisit this.
III. Issues
Attributes from other Categories
RL: I still have not processed Steven's last reply yet. The TC
take a look at it because it has significant ramifications.
Resource Location
HL: There is no real constraint on the format.
meeting adjourned.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]