Subject: Minutes for 5 September 2013 TC Meeting



Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 5 September 2013 TC Meeting

I. Roll Call & Minutes

  Roll Call:

Voting
Crystal Hayes
Richard Hill
Steven Legg
Rich Levinson
Hal Lockhart
Bill Parducci
Remon Sinnema
Danny Thorpe
John Tolbert

Non-voting
Greg Smith

Voting Members: 9 of 10 (90%) (used for quorum calculation) 

  bill: we have quorum


  Approve Minutes:
   22 August 2013 TC Meeting
   https://lists.oasis-open.org/archives/xacml/201308/msg00038.html

  hal: any objections to unanimous consent? None heard. Approved.


II. Administrivia

  Ballot Details: 2 Day October F2F in Washington, DC 
   https://www.oasis-open.org/apps/org/workgroup/xacml/ballot.php?id=2501

  hal: above ballot was to see if we had enough interest to have
    an official tc mtg in oct. Alternative would be 1-2 day mtg
    that was not official tc: would have presentation of reqts,
    and try to produce dlp doc that could be presented as profile
    usable for these use cases.

  john: another version of the profile is coming which has more meat.
    should be within day or two.


  Reminders: OASIS IDtrust Member Section Steering Committee Elections Now Open
  Voting ends 11 September 2013
   https://lists.oasis-open.org/archives/xacml/201308/msg00040.html
   https://lists.oasis-open.org/archives/xacml/201308/msg00046.html
   https://lists.oasis-open.org/archives/xacml/201309/msg00000.html

    hal: this is for org reps


  JSON Profile: 30 day pub rev in progress
   xacml-comment rcvd:
    https://lists.oasis-open.org/archives/xacml-comment/201309/msg00000.html
   Status: https://lists.oasis-open.org/archives/xacml/201308/msg00033.html
   Issues: https://lists.oasis-open.org/archives/xacml/201308/msg00027.html

  hal: it is sufficient that profile has info to addr problems people
   care about rather than trying to address popular trends


  xacml-comment discussion (steven responding): 
   Multiple decision result of type xpathExpression 
    https://lists.oasis-open.org/archives/xacml-comment/201308/maillist.html
    https://lists.oasis-open.org/archives/xacml-comment/201309/msg00001.html

      steven: attr selector picks leaf nodes; if more processing w
	more nodes, like hierarchical we don't have method to process.

      rich: suggests defining "undefined attrs" that trigger attr
	searches that can use the req ctx and an external provider
	to do any necessary complex processing and just return
	the result as a value of the undefined attr.

      steven: that's a 3rd approach


 items carried over as reminders to those interested:

  v3.0 Errata link
   https://wiki.oasis-open.org/xacml/XacmlErrata

     hal: would need volunteer to pull together errata doc;
	no volunteers at the moment, no urgency for now.


  NIST ABAC workshop agenda, minutes, and presentation slides are available
   (ref carried over from last mtg for anyone who missed it)
   https://lists.oasis-open.org/archives/xacml/201308/msg00019.html

     hal: NIST will soon put out update to doc based on input rcvd


  Conversation on Cloud, Privacy, and Healthcare with OASIS and WEDI
   (ref also carried over for anyone interested)
    https://lists.oasis-open.org/archives/xacml/201308/msg00029.html

     hal: new mtg sched for sep 17: 1pm et; contact hal if you
	want call info: bullet writeup on cloud privacy healthcare


III. Issues

  "Policy Distribution: Request to consider standardizing": richard hill:
    https://lists.oasis-open.org/archives/xacml/201308/msg00039.html
   david: revisit Ray's proposed "PAP API"
    https://lists.oasis-open.org/archives/xacml/201308/msg00041.html
   ray: replies:
    https://lists.oasis-open.org/archives/xacml/201308/msg00042.html
   richard: are use cases needed?
    https://lists.oasis-open.org/archives/xacml/201308/msg00043.html
   jan: OGC (GeoXacml?) has spec/prototype that will go public soon:
    https://lists.oasis-open.org/archives/xacml/201308/msg00044.html
   hal: comments and pointers to prev work:
    https://lists.oasis-open.org/archives/xacml/201308/msg00045.html

  richard: from wiki sounds like pap is place for admin of these
	use cases. also interested in pushing pulling policies,
	how to handle non-repudiation issues when policies rcvd
	from vendors

  hal: recipient should ensure policy supplier is trusted; we have
	scheme w saml envelope; primary use case: any pdp has to
	have a way to get ahold of policies that it is supposed
	to be evaluating.

	"moving stuff around" is not particularly interesting, but
	what is interesting is what policies are supposed to be
	in force, etc. Is it good enough for pdp to pull policies,
	w/o push: is that sufficient?

  danny: has pull model, but there is notification for changes.

  rich: not really pure pull if notifications are involved.

  danny: polling model; more efficient approaches avail for special cases;

  hal: model is pap pdp model:

  danny: policy id plus version is real identity of policy; if version
	not spec'd system needs means to determine.


 carried over issues:

  Attributes from other Categories
   https://lists.oasis-open.org/archives/xacml/201308/msg00018.html
   ForAny
    https://lists.oasis-open.org/archives/xacml/201308/msg00032.html

   steven: forany is really procedural vs declarative discussion
	which new thread was trying to focus.


  Resource Location
   https://lists.oasis-open.org/archives/xacml/201308/msg00022.html

    hal: city or building;
    john: took jan's advice and took attr name etc from geoxacml.


  Multiple subjects in single req:
    ex sender and recipient and aligning w specific attrs;

    hal: rich has been trying to popularize term "entity" and
	category is a label naming the entity type, which
	conceptually is a little easier to understand where
	attrs should be placed in request.


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
