OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Minutes for 21 January 2016 TC Meeting - updated



Time: 2:30 PM EST (-0500 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760

Minutes for 21 January 2016 TC Meeting - updated

 note: added some clarification to martin's comments in
        the attr discussion;
 also: added martin's link email to reference on abac

 note: includes bill's mtg schedule update notice,
  and hal's post-mtg email he had prep'd earlier on attr discussion

I. Roll Call & Minutes

Voting Members: 8 of 9 (88%) (used for quorum calculation) 
Richard Hill	Voting Member
Mohammad Jafari	Voting Member
Steven Legg	Voting Member
Rich Levinson	Secretary
Hal Lockhart	Co-Chair
Bill Parducci	Co-Chair
Remon Sinnema	Voting Member
Martin Smith	Voting Member

   bill: we have quorum

   bill: note: has updated voting vs member list based on attendance since Oct 2015


   hal: any new agenda items? none heard

  Approve Minutes 7 January 2015
   https://lists.oasis-open.org/archives/xacml/201601/msg00027.html

   hal: any objection to unan approval? none heard
    minutes approved.


II. Administrivia 

  XACML TC Meeting(s) - dates for upcoming meetings set:
    https://lists.oasis-open.org/archives/xacml/201601/msg00023.html

     hal: will continue to meet @ 2:30 pm et, until mar 17 we start @4:30

     hal: some people reported getting multiple invites: bill and hal
	will try to check on it.

     bill: set it to be 4:30 thru july, so probably need to delete some
	series invitation?
      following mtg update was sent out during mtg:
        https://lists.oasis-open.org/archives/xacml/201601/msg00039.html


  ABAC Definition:
    hal: comment and refs to abac defns:
      https://lists.oasis-open.org/archives/xacml/201601/msg00028.html
    david: additional refs and perspective:
      https://lists.oasis-open.org/archives/xacml/201601/msg00029.html

   hal: any comments:
   martin: u texas person: nice paper - will post w link
    https://lists.oasis-open.org/archives/xacml/201601/msg00041.html


  NIST publication on ABAC comparing XACML and NGAC
    reported last mtg that comments were to end 15-Jan-16

   hal: any additional comments on this?: none at this time

III. Issues

 Default behavior for unrecognized resource attributes

  hal: this issue is about transfer of documents and metadata needs
	to be associated properly @ new destination.

  martin: Might help for resource owners to code some attributes
           with a "must_understand" flag. 

  hal: some sentiment that this is just one of many possible errors in this
	general class: thinks that we need more specific details, what is
	the precise test in terms of xacml constructs? is it runtime vs
	deployment time? Analogous to, say, Java, where one would be looking
	for a way to determine if a program is correct, but w/o all the
	details of what defines "correct" there is no known way to do this.

  martin: Agree that next step would be to put a specific proposal in writing
           for the group to assess.
          Appreciate help from XACML experts here on implementation possibilities.

  hal: has some ideas will send a follow-up email w some suggestions
        had email prepared but will send now w ?:
    https://lists.oasis-open.org/archives/xacml/201601/msg00040.html


  hal: that is end of agenda

  hal: aob? none heard
  hal: next mtg feb 4, 2016 @ 2:30pm et

  hal: mtg adjourned 2:50pm

  Default behavior for unrecognized resource attributes (discussion above)

   emails since agenda sent out:
    mohammad:
     https://lists.oasis-open.org/archives/xacml/201601/msg00033.html
    martin:
     https://lists.oasis-open.org/archives/xacml/201601/msg00035.html
    rich:
     https://lists.oasis-open.org/archives/xacml/201601/msg00036.html
    hal:
     https://lists.oasis-open.org/archives/xacml/201601/msg00037.html
    martin:
     https://lists.oasis-open.org/archives/xacml/201601/msg00038.html
    hal:
     https://lists.oasis-open.org/archives/xacml/201601/msg00040.html

   emails since last mtg adjourned:
    erik: comments on scope of policy and external to the policy conditions
      that can impact results. ex. emergency override, invalid policy semantics, etc.
        https://lists.oasis-open.org/archives/xacml/201601/msg00024.html
    erik: comments on whether policies can be required to contain attrs
      in some automated manner (ex. ext existence of attr may imply must be in policy)
        https://lists.oasis-open.org/archives/xacml/201601/msg00025.html
    martin: consider legal responsibilities of resource owner; tags can imply specific
      policies need to be applied; also new consideration: reluctance to identify
      access rights that should have been revoked; i.e. stickiness of access privs,
      vs quick identification of improper denial decisions
        https://lists.oasis-open.org/archives/xacml/201601/msg00026.html
    hal: questions to erik on feasibility of defining the "true intent" vs what
      is contained in the "actual policy"
        https://lists.oasis-open.org/archives/xacml/201601/msg00030.html
    erik: clarifies: use case is PEP contains unknown attr to policy in request: can
      policy be designed to recognize that an attr it doesn't recognize is in the req
      and that fact should be used in the decision? erik says this is example of
      policy correctness criteria, which is a much broader subject than this 1 case:
        https://lists.oasis-open.org/archives/xacml/201601/msg00031.html
    bill: policy versioning can help this overall situation, which has been discussed
      in the past by TC:
        https://lists.oasis-open.org/archives/xacml/201601/msg00032.html


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803

Green
            Oracle Oracle is committed to developing practices and products that help protect the environment



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]