[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 17 march 2016 TC Meeting
Time: 4:30 PM EST (-0400 GMT) Tel: 1-712-775-7031 Access Code: 620-103-760 Minutes for 17 March 2016 TC Meeting I. Roll Call & Minutes Attendance Hal Lockhart (Co-Chair) Bill Parducci (Co-Chair) Rich Levinson Mohammad Jafari Steven Legg Martin Smith John Tolbert Quorum: YES. 7 of 9 (77%) per Oasis site Approve Minutes 3 March 2016 (updated) APPROVED UNANIMOUSLY II. Administrivia Proposed guest speaker Martin: I met with Bill Fischer who works with the National Cybersecurity Center of Excellence (NCCOE), which is part of NIST. Bill is is looking for ways the NCCOE can help speed the adoption of ABAC in the private sector and wondered if the TC would interested in having a conversation on our perspective of what they might do. NIST is a member of Oasis. I would like to propose that he come for a discussion with the group at the next meeting in two weeks. Hal: I think it would be very useful if he could give a simple presentation of what their charter is and what their current focus is now. Martin: Example of the kind of thing he might like to hear our views on: the TC commented recently on the draft NIST SP 1800-3--ABAC Practice Guide, on the relative usefulness of the detailed and product-specific content of that document vs. the more general logical architecture of the NCCOE's ABAC Building Block document. John: This sounds like a great idea. Do you know if they have labs? somewhere we could set up an ongoing interoperability testbed? Martin: That presumably is possible--they have lots of equipment and lab space, as well as spaces sufficient for a "plug-fest" type of event. They recently moved into a new facility in Rockville. MD. John: That would be very helpful for demonstrating fairly complex showcases. Hal: I have a personal interest in some of the unsolved ABAC issues (e.g finding attributes, creating policies, policy design. etc.) There is a lot that I believe could be useful to explore that is beyond basic integration. Martin: Along those lines, Fisher and I touched on whether NCCOE might develop guidance on non-technology issues like policy governance. Hal: Thinking out loud this could possibly follow a "clearinghouse" model. Martin: Should we send out to the list a call for ideas members might have for NCCOE? Hal: That's a good idea. Perhaps Martin call follow up with him to ask if there are any specific issues/topics that he wishes to explore. Martin: OK, I will follow up with him for this and to confirm schedule. III. Issues Potential Introductory Topics Hal: I have posted it to the list and encourage everyone to take a look and contribute however they would like. Martin: Perhaps a good next step is for people to prioritize these topics. Hal: I was envisioning some of these topics being just a couple paragraphs. Martin: Do we have a location where we can multi-edit? Hal: I will start a wiki branch in the next few days. Martin: Does anyone know of publicy available implemetion case sutides for ABAC? Hal: I suspect most of this will be vendor specific customer studies. Martin: I think it's a real gap. Hal: Yes, but many organizations are hesitant to talk about their security. meeting adjourned
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]