Subject: Minutes 19 February 2015 TC meeting - DRAFT
Time: 2:30 PM EST (-0500 GMT)
Tel: 513-241-0892 Access Code: 65998

Minutes for 19 February 2015 TC Meeting

I. Roll Call & Minutes

Roll Call:

Voting Members
  Crystal Hayes
  Richard Hill
  Steven Legg
  Rich Levinson
  Hal Lockhart, Co-Chair
  Bill Parducci, Co-Chair
  Remon Sinnema
  John Tolbert

Observer
  Scott Robertson, Kaiser Permanente

Voting Members: 6 of 10 (60%)

Bill: We have quorum.

Approve Minutes 5 February 2015:
https://lists.oasis-open.org/archives/xacml/201501/msg00020.html
APPROVED unanimously

II. Administrivia

Call for Agenda Change

John: I have a couple issues I would like to discuss today about potential Profiles.

Hal: Noted.

Next Steps

Hal: We have a number of docs that are at Committee Specification level now. The next step is to begin collecting Statements of Use. Does anyone need help with verbiage?

John: That would be helpful.

Hal: I will post some draft wording and post it to the list. Hopefully we will get the rolling in the next month or so.

Hal: There are a number of Profiles that still require some work to get to the next level; everyone is encouraged to take back up those that are of interest.

III. Attribute Boundaries

John: Some of us are presenting at EIC re: OASIS standards such as XACML. Given the multi-national nature of the EU, would it be possible for us to create a Profile that would not require attributes across borders? Perhaps send a Subject and Policy.

Richard: This is a good idea. I have seen it be done, e.g. in cases where you want to see the export control status of something without the clearance to see the attributes.

Hal: The Admin Profile in conjunction with SAML 3.0 can address this. It was not a primary Use Case, but it could be used for this purpose. This may be a very unique case in that only 1 party has access to the attributes, but the Policy is accessible to both.

John: Using the Admin Profile is an interesting idea. I will explore that.

Bill: It may be possible with a modest number of Policies to infer data on the "hidden" side, leading to an exploit.

Time Limited Decisions

John: What are the TC's thoughts on a response that is time limited?

Hal: There are abilities to define access by time, but there is no mechanism in XACML for a duration per se. The SAML 2.0 wrapper may be used to handle attribute manipulation however.

Bill: John, is human driven web usage the Use Case you are thinking of here?

John: Basically, yes.

Hal: XACML is typically more general than this.

John: Could this be handled with an Obligation?

Hal: Yes, but its specificity makes it generally non-standard.

Bill: I am curious as to the best way to address the reiterative nature of a human driven website where reauth/Z is specified with a time constraint attribute. This seems like what John is trying to address.

John: Yes, that is a Use Case for this.

Hal: This is a common situation that can be highly contextual based upon company, etc. If we can figure out a way to address it would be interesting to explore.

John: I will explore the existing Profiles and am happy to receive input from anyone who has seen implementations, attempted to solve this.

New TC

John: I have been working with a number of people on the adoption of US Federal Identity Credentialing and Access Management (FICAM). We are considering setting up a TC that would work on interoperability of FICAM implementations. I think it will have a lot of cross-pollination with XACML and SAML.

Hal: I am sure there will be interest/feedback once this begins to materialize.

Meeting adjourned.