Subject: Minutes for 21 January 2016 TC Meeting - updated
Time: 2:30 PM EST (-0500 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Minutes for 21 January 2016 TC Meeting - updated

  note: added some clarification to martin's comments in the attr discussion;
        also: added martin's link email to reference on abac
  note: includes bill's mtg schedule update notice, and hal's post-mtg email
        he had prep'd earlier on attr discussion

I. Roll Call & Minutes

  Voting Members: 8 of 9 (88%) (used for quorum calculation)

    Richard Hill      Voting Member
    Mohammad Jafari   Voting Member
    Steven Legg       Voting Member
    Rich Levinson     Secretary
    Hal Lockhart      Co-Chair
    Bill Parducci     Co-Chair
    Remon Sinnema     Voting Member
    Martin Smith      Voting Member

  bill: we have quorum
  bill: note: has updated voting vs member list based on attendance since Oct 2015

  hal: any new agenda items?
    none heard

  Approve Minutes 7 January 2015
    https://lists.oasis-open.org/archives/xacml/201601/msg00027.html

    hal: any objection to unan approval?
      none heard
      minutes approved.

II. Administrivia

  XACML TC Meeting(s) - dates for upcoming meetings set:
    https://lists.oasis-open.org/archives/xacml/201601/msg00023.html

    hal: will continue to meet @ 2:30 pm et, until mar 17 we start @4:30
    hal: some people reported getting multiple invites: bill and hal will try to check on it.
    bill: set it to be 4:30 thru july, so probably need to delete some series invitation?

    following mtg update was sent out during mtg:
      https://lists.oasis-open.org/archives/xacml/201601/msg00039.html

  ABAC Definition:

    hal: comment and refs to abac defns:
      https://lists.oasis-open.org/archives/xacml/201601/msg00028.html
    david: additional refs and perspective:
      https://lists.oasis-open.org/archives/xacml/201601/msg00029.html

    hal: any comments:
    martin: u texas person: nice paper - will post w link
      https://lists.oasis-open.org/archives/xacml/201601/msg00041.html

  NIST publication on ABAC comparing XACML and NGAC

    reported last mtg that comments were to end 15-Jan-16

    hal: any additional comments on this?:
      none at this time

III. Issues

  Default behavior for unrecognized resource attributes

    hal: this issue is about transfer of documents and metadata needs to be associated properly @ new destination.
    martin: Might help for resource owners to code some attributes with a "must_understand" flag.
    hal: some sentiment that this is just one of many possible errors in this general class: thinks that we need more specific details, what is the precise test in terms of xacml constructs? is it runtime vs deployment time? Analogous to, say, Java, where one would be looking for a way to determine if a program is correct, but w/o all the details of what defines "correct" there is no known way to do this.
    martin: Agree that next step would be to put a specific proposal in writing for the group to assess. Appreciate help from XACML experts here on implementation possibilities.
    hal: has some ideas will send a follow-up email w some suggestions
      had email prepared but will send now w ?:
      https://lists.oasis-open.org/archives/xacml/201601/msg00040.html

  hal: that is end of agenda
  hal: aob?
    none heard
  hal: next mtg feb 4, 2016 @ 2:30pm et
  hal: mtg adjourned 2:50pm

Default behavior for unrecognized resource attributes (discussion above)

  emails since agenda sent out:

    mohammad: https://lists.oasis-open.org/archives/xacml/201601/msg00033.html
    martin: https://lists.oasis-open.org/archives/xacml/201601/msg00035.html
    rich: https://lists.oasis-open.org/archives/xacml/201601/msg00036.html
    hal: https://lists.oasis-open.org/archives/xacml/201601/msg00037.html
    martin: https://lists.oasis-open.org/archives/xacml/201601/msg00038.html
    hal: https://lists.oasis-open.org/archives/xacml/201601/msg00040.html

  emails since last mtg adjourned:

    erik: comments on scope of policy and external to the policy conditions that can impact results. ex. emergency override, invalid policy semantics, etc.
      https://lists.oasis-open.org/archives/xacml/201601/msg00024.html

    erik: comments on whether policies can be required to contain attrs in some automated manner (ex. ext existence of attr may imply must be in policy)
      https://lists.oasis-open.org/archives/xacml/201601/msg00025.html

    martin: consider legal responsibilities of resource owner; tags can imply specific policies need to be applied; also new consideration: reluctance to identify access rights that should have been revoked; i.e. stickiness of access privs, vs quick identification of improper denial decisions
      https://lists.oasis-open.org/archives/xacml/201601/msg00026.html

    hal: questions to erik on feasibility of defining the "true intent" vs what is contained in the "actual policy"
      https://lists.oasis-open.org/archives/xacml/201601/msg00030.html

    erik: clarifies: use case is PEP contains unknown attr to policy in request: can policy be designed to recognize that an attr it doesn't recognize is in the req and that fact should be used in the decision? erik says this is example of policy correctness criteria, which is a much broader subject than this 1 case:
      https://lists.oasis-open.org/archives/xacml/201601/msg00031.html

    bill: policy versioning can help this overall situation, which has been discussed in the past by TC:
      https://lists.oasis-open.org/archives/xacml/201601/msg00032.html

--
Thanks, Rich