

Subject: Minutes for 5 February 2015 TC Meeting


Time: 2:30 PM EST (-0500 GMT)
Tel: 513-241-0892

Access Code: 65998

Minutes for 5 February 2015 TC Meeting

I. Roll Call & Minutes

  Roll Call:

Quorum rule	51% of voting members
Achieved quorum	yes
Voting Members: 8 of 10 (80%) (used for quorum calculation) 



Crystal Hayes	Voting Member
Richard Hill	Voting Member
Steven Legg	Voting Member
Rich Levinson	Secretary
Hal Lockhart	Chair
Bill Parducci	Chair
Remon Sinnema	Voting Member
John Tolbert	Voting Member

	bill: we have quorum


  Approve Minutes 22 January 2015:
    https://lists.oasis-open.org/archives/xacml/201501/msg00020.html

	minutes approved w no objections

II. Administrivia


 The New OASIS Standards for XACML, announced 1/19, have been published as of 1/27:
   XACML MAP Authorization Profile,
   XACML Intellectual Property Control (IPC) Profile and
   XACML 3.0 Export Compliance-US (EC-US) Profile
     https://lists.oasis-open.org/archives/xacml/201501/msg00024.html

    hal: congrats to everyone; long road


 Ballot passed: "XACML v3.0 Privacy Policy Profile Version 1.0"
   approved as a Committee Specification
     https://lists.oasis-open.org/archives/xacml/201501/msg00023.html

     hal: passed


 Ballot failed to pass: 
   "XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile, Version 1.0"
    came 1 vote short of approval as a Committee Specification
     https://lists.oasis-open.org/archives/xacml/201501/msg00022.html

      Note: possibly reminders were not sent out for this ballot?
             (I did not get one, but did for Privacy Profile)

      also: email says: "You are free to pass a motion and request another
                          Special Majority Vote ballot at any time."


     hal: we need to request another ballot:

     john moves
     crystal seconds
     no objections to unanimous consent

  Formal motion:
   John Tolbert: I move to approve the Chair requesting that TC Administration hold a 
           Special Majority Vote to approve:
	    "XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0,
	     Committee Specification Draft 01 / Public Review Draft 01, 02 October 2014"
	   contained in 
            http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/csprd01/xacml-3.0-dlp-nac-v1.0-csprd01.doc
           as a Committee Specification.
	   I further move that the TC affirm that no changes have been made
           since the last public review.

    Crystal Hayes: seconds
    VOTE: APPROVED UNANIMOUSLY
 -> ACTION ITEM: Chairs to submit request to publish as CS to Oasis TC-admin



III. Issues

  Reactivating the Admin & Delegation discussion
    hal:    https://lists.oasis-open.org/archives/xacml/201501/msg00019.html
    erik:   https://lists.oasis-open.org/archives/xacml/201501/msg00021.html
    hal:    https://lists.oasis-open.org/archives/xacml/201501/msg00025.html
    erik:   https://lists.oasis-open.org/archives/xacml/201501/msg00026.html
    steven: https://lists.oasis-open.org/archives/xacml/201502/msg00000.html
    erik:   https://lists.oasis-open.org/archives/xacml/201502/msg00001.html
    steven: https://lists.oasis-open.org/archives/xacml/201502/msg00002.html

     This issue appears to be related to the notion of:
       "admin policies" authorizing "access policies"
      and problems w the scope assoc w PolicySets;

     It would probably help if a use case could be described that
      motivates the need for this type of complexity.


	hal: 2 generic use cases in section 2 of profile:
	     combining algorithms break the tie;

	     admin policies: xacml 2.0 assumption is all policies are equal

	     in v3 policies are valid because they are authorized by parties;

	right now admin policies must be in policy they apply to;


	rich: question why this technique is required and why "untrusted"
	 policies are allowed in, in the first place;

	steven: delegation systems how to control delegation about who can
	 write what kind of policies

	steven: turning over of control of evaluation of policy to the owner
	 of the resource.

	hal: for example, users can write policies for their own resources
	 and so must be authorized only to write policies that apply to
	 the resources that they own.

	hal: users will generally have some attr assoc w files in actual files
	 system that can be attrs to evaluate in terms of authorizing the user
	 to write policies covering those resources.



   Other business:

     hal: would like to get people to start submitting statements of use
	for any of the 3.0 profiles that are remaining;



	Meeting adjourned 3:00 PM EST


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
