[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 20 August TC Meeting
Minutes of XACML TC Meeting 20 August 2015 I. Roll Call Attendees Steven Legg Rich Levinson Hal Lockhart (Co-Chair) Bill Parducci (Co-Chair) Remon Sinnema Martin Smith John Tolbert Quorum achieved (80% per Kavi) Approval of Minutes Vote on approval of 6 August 2015 TC meeting minutes APPROVED: UNANIMOUS CONSENT II. Administrivia XACML v3.0 Related and Nested Entities Profile Version 1.0 Hal: TC-Admin should have this published and sent out for Public Review shortly. NSTIC Martin: The framework should be out next month and is should be of interest in the TC. Also, why are rule engines not handling access control? Hal: I am only familiar with the firewall model, which uses a cumulative matching model. Bill: In my experience the security market doesn't have the tolerance for a probabilistic decision; decisions must be explicit. Also, the typical default in the access control defaults to no access. Hal: I agree. I looked into expert systems early on, before XACML started and concluded that the market would not accept that approach. A key issue is whether there is an expectation of future recourse or not. The access control community tends to assume that if you allow something you shouldn't you can never correct it. The secret is out or the action can't be reversed. In a financial transaction environment, usually you can correct errors later. Martin: In the counter case there is no such thing as a suicide privacy violators (e.g. sneak into privacy info for the President, etc.) for where nature of motivations are varied. Hal: It seems to me there is a sharp contrast between a system that always gives the same answer with equal inputs and one that might vary based upon some subtleties. III. Issues 2-Stage Policy Development Martin: I have dug a little bit deeper in what to be state of the art in terms of developing laws and regulations. I have so far not found much, but will continue. Trust Elevation John: I posted the latest draft satisfy trust elevation use cases. meeting adjourned.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]