

Subject: Minutes 20 August TC Meeting


Minutes of XACML TC Meeting 20 August 2015

I. Roll Call
  Attendees
   Steven Legg
   Rich Levinson
   Hal Lockhart (Co-Chair)
   Bill Parducci (Co-Chair)
   Remon Sinnema
   Martin Smith
   John Tolbert

  Quorum achieved (80% per Kavi)

  Approval of Minutes
   Vote on approval of 6 August 2015 TC meeting minutes
   APPROVED: UNANIMOUS CONSENT

II. Administrivia
  XACML v3.0 Related and Nested Entities Profile Version 1.0
   Hal:
    TC-Admin should have this published and sent out for Public Review shortly.

  NSTIC
   Martin:
    The framework should be out next month and it should be of interest to the
    TC. Also, why are rule engines not handling access control?
   Hal:
    I am only familiar with the firewall model, which uses a cumulative matching
    model.
   Bill:
    In my experience the security market doesn't have the tolerance for a
    probabilistic decision; decisions must be explicit. Also, the typical
    default in access control is no access.
   Hal:
    I agree. I looked into expert systems early on, before XACML started and 
    concluded that the market would not accept that approach.
    A key issue is whether there is an expectation of future recourse or not.
    The access control community tends to assume that if you allow something you
    shouldn't, you can never correct it. The secret is out or the action can't be
    reversed. In a financial transaction environment, usually you can correct
    errors later.
   Martin:
    In the counter case there is no such thing as a suicide privacy violator
    (e.g. sneak into privacy info for the President, etc.) for where nature of
    motivations are varied.
   Hal:
    It seems to me there is a sharp contrast between a system that always gives
    the same answer with equal inputs and one that might vary based upon some
    subtleties. 

III. Issues
  2-Stage Policy Development
   Martin:
    I have dug a little bit deeper into what is the state of the art in terms of
    developing laws and regulations. I have so far not found much, but will 
    continue.

  Trust Elevation
   John:
    I posted the latest draft to satisfy trust elevation use cases.

Meeting adjourned.


