OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes 20 March 2014 TC meeting

Minutes for 20 March 2014 TC meeting

I. Roll Call & Approve Minutes
 Voting Members:
  Hal Lockhart (chair)
  Bill Parducci (chair)
  Richard Hill
  Steven Legg
  Rich Levinson
  Erik Rissanen
  Remon Sinnema
  John Tolbert

  David Brossard

  Quorum Achieved - 80% (per Oasis)

 Minutes 6 March 2014 TC Meeting
  APPROVED unanimously

II. Adminstrivia
 Administration Profile, DSIG Profile, Hierarchical Profile, 
 Multiple Resource Profile, Privacy Profile, RBAC Profile, SAML Profile
  Erik briefly reviewed the recent Profile Working Draft uploads.
  Hal: PR not necessary were no substantiative changes made, otherwise
       15-day Public Review. I suggest that we allow another 2 weeks
       for the TC to review.
  Erik: Concur. I need to catalogue which Profiles have substantiative

 Request/Response Profile
  David: Clarified questions sent to list. It appears that we can 
          change the name to the "JSON Profile for XACML v3.0". 
  Erik: The Category within the datatype indicates where the expression
        is applied. It is here because the Target match only takes 
        functions with 2 arguments.
  Hal: This may make sense within the use of one of the Subject  
  David: Invalid value in a JSON request ot response. Exception? or
         Indeterminate. Hal suggested throwing an Indeterminate
  Steven: What does the core spec state?
  David: Indeterminate
  Steven: Suggest we do this.
  David: Agreed
  Hal: It sounds like we will have one more working draft before review
       for promotion.

  John: Need some volunteers to generate some example policies.

  David: Axiomatics will be contributing the grammar for the ALFA
         language and I will begin working on a Profile. I would like
         to get the name worked out. Our preference is that it remain
         ALFA with a replacement of the "A" in the acronym.
  Hal: Do we have a general consensus on keeping the name as "ALFA"?
       NOT use it?
  Rich: I would like to see the syntax.
  David: The syntax has nothing to do with the current name ALFA.
  Steven: "For Authorization" is too general to me.
  Bill: How about we setup a quick poll to solicit names, then a
        follow-up to 

  Hal: We have tried keep in line with ISO IEC directives. We should
       follow the Oasis guidleines and should note this in the Errata.
       This applies to Profiles as well.

III. Issues
 Psuedo code
  Erik: I followed the same principles in the Core Specification when
         editing the Combining Algorithms Profile. This code however,
         has no definition of semantics. There are some options: use a 
         real language or something that has been defined in academia. 
         The later seems a bit arcane, not sure how well it will be 
         adopted. I prefer to keep it as is since we have not received 
         a lot of feedback.
  Hal: leave as is, describe pseudo code; pick some defined pseudo 
       code, English language description
  Rich: We have tried some of those paths before and ended up where we
  There is a general consensus to leave the pseudo code as is.

  Erik: It is the sense of the TC to make no changes in response to the
        comment about pseudo code. This is consistent with the Core
        specification, which has been implemented by industry multiple
        times, with consistent understanding of the meaning of the 
        specification. The TC may reconsider this approach in a future
        version of the standard.
  SECOND: General consensus to vote
  VOTE: APPROVED unanimously

 IP Address
  Erik reviewed his question concerning the use of a mask when
  describing a single IP address. If one is required--as asserted by 
  Bill--then we have an apparent inconsistency in the specified matching 
  Hal: My intent was to treat both addresses with or without a mask. It 
       is possible that there is a typo. We need to review.
  Bill clarified his points on the list re: the consistent use of a 
  netmask when describing one or a range of IP addresses
  Hal: What about the case where you have 2 IP addressed and want to 
       know if they are on the same subnet?
  Bill: i had not thought of that, but you would need subnet mask for 
        that and it would be possible to have matches on two different 
  Hal: using private addresses
  Bill/Erik: yes.
  Hal: I will post some Use Cases to the list.

meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]