[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 20 March 2014 TC meeting
Minutes for 20 March 2014 TC meeting I. Roll Call & Approve Minutes Voting Members: Hal Lockhart (chair) Bill Parducci (chair) Richard Hill Steven Legg Rich Levinson Erik Rissanen Remon Sinnema John Tolbert Members: David Brossard Quorum Achieved - 80% (per Oasis) Minutes 6 March 2014 TC Meeting APPROVED unanimously II. Adminstrivia Administration Profile, DSIG Profile, Hierarchical Profile, Multiple Resource Profile, Privacy Profile, RBAC Profile, SAML Profile Erik briefly reviewed the recent Profile Working Draft uploads. Hal: PR not necessary were no substantiative changes made, otherwise 15-day Public Review. I suggest that we allow another 2 weeks for the TC to review. Erik: Concur. I need to catalogue which Profiles have substantiative changes. Request/Response Profile David: Clarified questions sent to list. It appears that we can change the name to the "JSON Profile for XACML v3.0". Erik: The Category within the datatype indicates where the expression is applied. It is here because the Target match only takes functions with 2 arguments. Hal: This may make sense within the use of one of the Subject Categories. David: Invalid value in a JSON request ot response. Exception? or Indeterminate. Hal suggested throwing an Indeterminate Steven: What does the core spec state? David: Indeterminate Steven: Suggest we do this. David: Agreed Hal: It sounds like we will have one more working draft before review for promotion. DLP-NAC John: Need some volunteers to generate some example policies. ALFA David: Axiomatics will be contributing the grammar for the ALFA language and I will begin working on a Profile. I would like to get the name worked out. Our preference is that it remain ALFA with a replacement of the "A" in the acronym. Hal: Do we have a general consensus on keeping the name as "ALFA"? NOT use it? Rich: I would like to see the syntax. David: The syntax has nothing to do with the current name ALFA. Steven: "For Authorization" is too general to me. Bill: How about we setup a quick poll to solicit names, then a follow-up to Errata Hal: We have tried keep in line with ISO IEC directives. We should follow the Oasis guidleines and should note this in the Errata. This applies to Profiles as well. III. Issues Psuedo code Erik: I followed the same principles in the Core Specification when editing the Combining Algorithms Profile. This code however, has no definition of semantics. There are some options: use a real language or something that has been defined in academia. The later seems a bit arcane, not sure how well it will be adopted. I prefer to keep it as is since we have not received a lot of feedback. Hal: leave as is, describe pseudo code; pick some defined pseudo code, English language description Rich: We have tried some of those paths before and ended up where we are. There is a general consensus to leave the pseudo code as is. MOTION: Erik: It is the sense of the TC to make no changes in response to the comment about pseudo code. This is consistent with the Core specification, which has been implemented by industry multiple times, with consistent understanding of the meaning of the specification. The TC may reconsider this approach in a future version of the standard. SECOND: General consensus to vote VOTE: APPROVED unanimously IP Address Erik reviewed his question concerning the use of a mask when describing a single IP address. If one is required--as asserted by Bill--then we have an apparent inconsistency in the specified matching logic. Hal: My intent was to treat both addresses with or without a mask. It is possible that there is a typo. We need to review. Bill clarified his points on the list re: the consistent use of a netmask when describing one or a range of IP addresses Hal: What about the case where you have 2 IP addressed and want to know if they are on the same subnet? Bill: i had not thought of that, but you would need subnet mask for that and it would be possible to have matches on two different networks Hal: using private addresses Bill/Erik: yes. Hal: I will post some Use Cases to the list. meeting adjourned.