[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 17 march 2016 TC Meeting
Time: 4:30 PM EST (-0400 GMT)
Tel: 1-712-775-7031
Access Code: 620-103-760
Minutes for 17 March 2016 TC Meeting
I. Roll Call & Minutes
Attendance
Hal Lockhart (Co-Chair)
Bill Parducci (Co-Chair)
Rich Levinson
Mohammad Jafari
Steven Legg
Martin Smith
John Tolbert
Quorum: YES. 7 of 9 (77%) per Oasis site
Approve Minutes 3 March 2016 (updated)
APPROVED UNANIMOUSLY
II. Administrivia
Proposed guest speaker
Martin:
I met with Bill Fischer who works with the National Cybersecurity Center of
Excellence (NCCOE), which is part of NIST. Bill is is looking for ways the
NCCOE can help speed the adoption of ABAC in the private sector and
wondered if the TC would interested in having a conversation on our
perspective of what they might do. NIST is a member of Oasis. I would like
to propose that he come for a discussion with the group at the next meeting
in two weeks.
Hal:
I think it would be very useful if he could give a simple presentation of
what their charter is and what their current focus is now.
Martin:
Example of the kind of thing he might like to hear our views on: the TC
commented recently on the draft NIST SP 1800-3--ABAC Practice Guide, on the
relative usefulness of the detailed and product-specific content of that
document vs. the more general logical architecture of the NCCOE's ABAC
Building Block document.
John:
This sounds like a great idea. Do you know if they have labs? somewhere we
could set up an ongoing interoperability testbed?
Martin:
That presumably is possible--they have lots of equipment and lab space, as
well as spaces sufficient for a "plug-fest" type of event. They recently
moved into a new facility in Rockville. MD.
John:
That would be very helpful for demonstrating fairly complex showcases.
Hal:
I have a personal interest in some of the unsolved ABAC issues (e.g finding
attributes, creating policies, policy design. etc.) There is a lot that I
believe could be useful to explore that is beyond basic integration.
Martin:
Along those lines, Fisher and I touched on whether NCCOE might develop
guidance on non-technology issues like policy governance.
Hal:
Thinking out loud this could possibly follow a "clearinghouse" model.
Martin:
Should we send out to the list a call for ideas members might have for
NCCOE?
Hal:
That's a good idea. Perhaps Martin call follow up with him to ask if there
are any specific issues/topics that he wishes to explore.
Martin:
OK, I will follow up with him for this and to confirm schedule.
III. Issues
Potential Introductory Topics
Hal:
I have posted it to the list and encourage everyone to take a look and
contribute however they would like.
Martin:
Perhaps a good next step is for people to prioritize these topics.
Hal:
I was envisioning some of these topics being just a couple paragraphs.
Martin:
Do we have a location where we can multi-edit?
Hal:
I will start a wiki branch in the next few days.
Martin:
Does anyone know of publicy available implemetion case sutides for ABAC?
Hal:
I suspect most of this will be vendor specific customer studies.
Martin:
I think it's a real gap.
Hal:
Yes, but many organizations are hesitant to talk about their security.
meeting adjourned
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]