OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Minutes 8 December 2016 TC Meeting

Time: 2:30 PM EST
Tel: 1-712-775-7031

Minutes for 8 December 2016 TC Meeting

I. Roll Call & Minutes
 Voting Members
  Hal Lockhart (Co-Chair)
  Bill Parducci (Co-Chair)
  Rich Levinson
  Steven Legg
  Martin Smith

  Mohammad Jafari

 Quorum: YES. 5 of 5 (100%) per Oasis site

 Approve Minutes 11 November 2016 - UPDATED
II. Administrivia
 Upcoming meetings
   The meeting on the 22nd is scheduled but will be canceled lacking further
   updates on the errata.

 IDESG Status
   Their Privacy subcommittee is now working on this and have been in contact
   with Martin and I. We are hope they'll this in front of the plenary in the
   February timeframe.
   The plenary is in Portland, Oregon if anyone is intersted. The process seems
   to be moving along.

   One of the things that I commented on 863-3 (authentication) that was not
   adopted is my suggestions on the 2 types of user attributes passed around:
   One type is for vetting, the other are attributes you are awarded--typically
   as an agent. Historically it appears to me that the first type is passed
   around, but they should be only sending around the second type for authZ
   purposes because they tend to be much less sensitive. Passing the first type
   around makes sense for "account linking" based upon probabilistic matching of
   common attributes, and is a one-time 
   Re: Account linking...There is work going on in OpenID [I think] via a 
   mechanism that shields the details of attributes on each side.
   Re: 2 types of attributes... In my experience, there are many more than 2
   classes of attributes, e.g. "admin" is not a title...
  But it is a duty assignment..
  Yes, but that information itself may be sensitive data, so there are 
  I have been working on and the major issues tends to be centered around
  liability. E.g. in a credit card transaction liability rests with the bank and
  the consumer. { reviewed examples of secondary use cases on other examples }
  I agree that it's important to identify where the liability resides. {general 
  discussion } Thanks for the feedback.

   I am not sure of the status on this since we have not heard back from Richard 
   Hill since the last post to the list.
   ACTION ITEM: Hal to get status update.
  There were 2 errata solutions posted to the list concerning XML (Steven) and
  Attribute descriptions (Rich). Feedback?
 They look good to me.
  +1. Any other input? { none voiced }

meeting adjourned

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]