[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for 4 February 2016 TC Meeting
Time: 2:30 PM EST (-0500 GMT) Tel: 1-712-775-7031 Access Code: 620-103-760 Minutes for 4 February 2016 TC Meeting Note: before sending this out I noticed we voted on the original minutes, not the updated minutes. I have corrected this below but leave it to higher authorities to determine if revote is required! I. Roll Call & Minutes Attendance Voting Members Veterans Health Admin Mohammad Jafari ViewDS Identity Solns Steven Legg Oracle Rich Levinson Oracle Hal Lockhart Individual Bill Parducci EMC Remon Sinnema Individual Martin Smith Queralt, Inc. John Tolbert Non-Voting Members Axiomatics David Brossard Approve Minutes 21 January 2015 https://lists.oasis-open.org/archives/xacml/201601/msg00042.html updated minutes: https://lists.oasis-open.org/archives/xacml/201601/msg00043.html hal: any objections? None heard. motion carries II. Administrivia XACML TC Meeting(s) - dates for upcoming meetings set: https://lists.oasis-open.org/archives/xacml/201601/msg00023.html checked kavi: mtgs look currently accurate, so any remaining problems people might be having, should check if problem still showing up i.e. old emails on times should be considered obsolete. ? is if any new emails are still showing an issue to be addressed? will keep current time (2:30 EST) until March, then switch to 4:30 EST if other times preferable, then should start email thread to consider ABAC Definition: David: reference https://lists.oasis-open.org/archives/xacml/201601/msg00041.html III. Issues Default behavior for unrecognized resource attributes https://lists.oasis-open.org/archives/xacml/201602/msg00002.html (latest) checking if all attributes been sufficiently test by policy avoid synchronized human maintained lists, which all solns so far have reqd to impl feature for specifying attrs that are interested in martin: looking for something automatically, relying party would need to ` have an additional process to do this which is not acceptable. david: pep may be passing irrelevant attrs, xml gateway may be automatically including data from headers, etc. Does not seem to be practical ways to determine what kind of filter would be appropriate to remove attributes that are supposedly irrelevant. martin: no existing categorization of attributes as to relevance for policy or not. david: customer: how to validate incoming requests? should they measure whether there is one and only before determining if more than one. rich: either you want to check for "one and only one" or not? david: dob: 0 or more than one get indeterminate third: measure size of bag (there is a bagsize fcn defined): more discussion on general issue of whether xacml's existing capabilities can be used for specific situations, and what kind of guidance can be given to make things work: i.e. defining the "right" kind of policy, which is very subjective based on the environment, esp the nature of the data customers are allowed to submit. Additional topic(s): martin: caching: decisions; can you rely on the same decision being appropriate in the future? generally depends on environment john: what about swiping a card in a building to access parts of the bldg. fich: like sso: initial check is more stringent than subsequent checks based on the validity of initial check. martin: workshop: NIST 3 wks ago: measurement of identity related items, such as strength of authentication, etc. concern: little consensus of defns, so it seems premature to start talking in terms of measurement. john: idenity-proofing: white paper trying to identify 13 attrs about attrs: when last updated, etc. quickly becomes unworkable: hal: hearing the LOA w 4 levels is encountering issues, so ongoing research to quantify reqts and possible solns. mtg adj: 3:25 PM EST next call: Feb 18, 2016: 2:30 PM EST --
Thanks, Rich
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]