Subject: Minutes for 5 September 2013 TC Meeting

Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 5 September 2013 TC Meeting

I. Roll Call & Minutes

  Roll Call:

Crystal Hayes
Richard Hill
Steven Legg
Rich Levinson
Hal Lockhart
Bill Parducci
Remon Sinnema
Danny Thorpe
John Tolbert

Greg Smith

Voting Members: 9 of 10 (90%) (used for quorum calculation) 

  bill: we have quorum

  Approve Minutes:
   22 August 2013 TC Meeting

  hal: any objections to unanimous consent? None heard. Approved.

II. Administrivia

  Ballot Details: 2 Day October F2F in Washington, DC 

  hal: above ballot was to see if we had enough interest to have
    an official tc mtg in oct. Alternative would be 1-2 day mtg
    that was not official tc: would have presentation of reqts,
    and try to produce dlp doc that could be presented as profile
    usable for these use cases.

  john: another version of the profile is coming which has more meat.
    should be within day or two.

  Reminders: OASIS IDtrust Member Section Steering Committee Elections Now Open
  Voting ends 11 September 2013

    hal: this is for org reps

  JSON Profile: 30 day pub rev in progress
   xacml-comment rcvd:
   Status: https://lists.oasis-open.org/archives/xacml/201308/msg00033.html
   Issues: https://lists.oasis-open.org/archives/xacml/201308/msg00027.html

  hal: it is sufficient that profile has info to addr problems people
   care about rather than trying to address popular trends

  xacml-comment discussion (steven responding): 
   Multiple decision result of type xpathExpression 

      steven: attr selector picks leaf nodes; if more processing w
	more nodes, like hierarchical we don't have method to process.

      rich: suggests defining "undefined attrs" that trigger attr
	searches that can use the req ctx and an external provider
	to do any necessary complex processing and just return
	the result as a value of the undefined attr.

      steven: that's a 3rd approach

 items carried over as reminders to those interested:

  v3.0 Errata link

     hal: would need volunteer to pull together errata doc;
	no volunteers at the moment, no urgency for now.

  NIST ABAC workshop agenda, minutes, and presentation slides are available
   (ref carried over from last mtg for anyone who missed it)

     hal: NIST will soon put out update to doc based on input rcvd

  Conversation on Cloud, Privacy, and Healthcare with OASIS and WEDI
   (ref also carried over for anyone interested)

     hal: new mtg sched for sep 17: 1pm et; contact hal if you
	want call info: bullet writeup on cloud privacy healthcare

III. Issues

  "Policy Distribution: Request to consider standardizing": richard hill:
   david: revisit Ray's proposed "PAP API"
   ray: replies:
   richard: are use cases needed?
   jan: OGC (GeoXacml?) has spec/prototype that will go public soon:
   hal: comments and pointers to prev work:

  richard: from wiki sounds like pap is place for admin of these
	use cases. also interested in pushing pulling policies,
	how to handle non-repudiation issues when policies rcvd
	from vendors

  hal: recipient should ensure policy supplier is trusted; we have
	scheme w saml envelope; primary use case: any pdp has to
	have a way to get ahold of policies that it is supposed
	to be evaluating.

	"moving stuff around" is not particularly interesting, but
	what is interesting is what policies are supposed to be
	in force, etc. Is it good enough for pdp to pull policies,
	w/o push: is that sufficient?

  danny: has pull model, but there is notification for changes.

  rich: not really pure pull if notifications are involved.

  danny: polling model; more efficient approaches avail for special cases;

  hal: model is pap pdp model:

  danny: policy id plus version is real identity of policy; if version
	not spec'd system needs means to determine.

 carried over issues:

  Attributes from other Categories

   steven: forany is really procedural vs declarative discussion
	which new thread was trying to focus.

  Resource Location

    hal: city or building;
    john: took jan's advice and took attr name etc from geoxacml.

  Multiple subjects in single req:
    ex sender and recipient and aligning w specific attrs;

    hal: rich has been trying to popularize term "entity" and
	category is a label naming the entity type, which
	conceptually is a little easier to understand where
	attrs should be placed in request.

Thanks, Rich

Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
