Minutes 13 April TC Meeting

[William Parducci <bill@parducci.net>]

Time: 4:30 PM EST (-0400 GMT)
Tel: 1-712-775-7031

Minutes for 13 April 2017 TC Meeting

I. Roll Call & Minutes
Attendance
Voting Members
 Hal Lockhart (Co-Chair)
 Bill Parducci (Co-Chair)
 Rich Levinson
 Steven Legg
 Martin Smith
 Mohammad Jafari

Members
 David Brossard

Quorum: YES. 5 of 7 (71%) 

Approve Minutes 30 March 2017
 APPROVED

II. Administrivia
 Hal: Richard Hill has notified me that he will no longer be able to participate in the
 TC.

 David:
  I co-presented and published an ACM paper on how to implement ABAC / XACML. It may be
  found here:
  http://dl.acm.org/citation.cfm?id=3041051

III. Issues
Errata Status
 Hal:
  I am going to walk through the document that I posted to the list:
  https://lists.oasis-open.org/archives/xacml/201704/msg00001.html

  The TC is encouraged to review and discuss the proposed actions before the next meeting.

HL7 (Compound Attributes)
 David:
  I am interested if the TC has members interacting with the work on HL7...?
 Mohammad:
  I have. HL7 namespace health specific attributes are interoperable with XACML
 Hal:
  Attributes, not types?
 Mohammad:
  Some of the attributes are of type HL7 descriptor. Is this done in the context of XSPA?
 David:
  I don't believe so.
 Hal:
  If that's the case, it would be interesting to learn about it. There is a precedence 
  for this type of model with Geo XACML, requiring a custom set of functions to consume.
 Mohammad:
  I have been involved in some discussions on how to create flat attributes from compound
  domain specific types. Perhaps we should explore an normative way to accommodate 
  complex attributes? 
 Steven:
  Entities Profile allows you to process complex attribute types in XACML.
 Martin:
  Doesn't this create a problem delivering them in SAML?
 Hal:
  If these are complex XML types, they should be able to be passed around.
 Mohammad:
  It's not that it's non-standard, it's that there were no known implementations of 
  handling complex attributes types.
 Hal:
   This should distill down to PDP support.
 Mohammad:
   I am not sure compressing complex attributes to XML strings will always lead to a 
   deterministic result.
 Hal:
   For the record the most common implementation of SAML is SSO, without attributes. Any 
   work with attributes and SAML is a 1% of implementations domain.

Break the Glass
 Martin:
  There is a lot of interest in the Break the Glass scenario.
 Hal:
  We explored this years ago without resolution. There were some issues surrounding 
  Obligations initiated via Undetermined responses if I recall.
 Martin:
  It seems like the solution should be fairly straightforward.
 Bill:
  A draft document was posted by David Chadwick on the XACML email list:
  https://lists.oasis-open.org/archives/xacml/201102/doc00000.doc

meeting adjourned.