[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes 11 May 2017 TC meeting
Time: 4:30 PM EST (-0400 GMT) Tel: 1-712-775-7031 Minutes for 11 May 2017 TC Meeting I. Roll Call & Minutes Attendance Voting Members Hal Lockhart (Co-Chair) Bill Parducci (Co-Chair) Rich Levinson Steven Legg Members David Brossard Quorum: YES. 4 of 6 (66%) Approve Minutes 27 April 2017 APPROVED II. Administrivia No administrative issues. III. Issues Errata Status Hal: I uploaded the 3 versions of the docs. Based upon the list traffic I'll entertain a motion to put working Draft 15 day p[ublic review Bill: I move that the XACML TC approve moving from a Working Errata Draft: eXtensible Access Control Markup Language (XACML) Version 3.0 Errata 01 Working Draft 05 https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/60527/xacml-3.0-core-spec-errata01-wd05.doc as a Committee Specification Draft Core Draft w Errata applied, and designate the .doc version of the specification as authoritative and to be published to the repository AND be made available for a 15-day Public Review AND a comparison document between original Core OS and the new Core CSD with Errata appied: eXtensible Access Control Markup Language (XACML) Version 3.0 OASIS Standard – With Errata 01 applied 22 January 2013 https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/60621/xacml-3.0-core-os-en-REDLINE.docx Steven: I second the motion. Hal: Any Objections? Vote: APPROVED unanimously Hal: I will take action item to submit to TC-Admin. Compound Attributes No further discussion at this time. Collaboration David: About 3 years XACML had discussed collaborating with Oasis PRMN TC to make more XACML more visible with groups context of privacy policy. Hal: First question is what mechanisms to get the word out. Rich: Concur that this would be good, but seems like XML basis is an issue for adoption. Hal: I think the first step is what avenues David: XACML being XML is a small issue, XACML itself being unknown is a much greater unknown in our experience, even within many of the security circles. One way is to work within Oasis to spread the word better. Also we can externally author pages that provide examples that demonstrate application. Rich: I think it would be very useful to build a high level model that allows for XACML policy without the need for in-depth XML. Hal: Alpha is the best example of this that I am aware of. We have a Profile that could use more examples. Rich: I will look into that more deeply. Hal: The idea here is to brainstorm ideas: Are there forums, organizations that could be reached out to. David: There are some legal topics emerging...I can post the first email of what I have been working on to the list. Bill: Anecdotally, it seems that adoption is heavily aligned with seeing a working example and co-opting the applicable bits. Hal: We have a compliance self-test but policy examples that represent real world situations. Starting with something simple like "what a user can do, what an admin can do..." David: I have started writing policies on Wikipedia to get them out there. Rich: The OpenAZ demo on the TC site does a good job of demonstrating how OAuth can be implemented in conjunction with XACML. Bill: I think it would be worthwhile to see if we can find a way to bump this up. I think we were ahead of the curve here. Hal: Let's continue brainstorming on the list. Meeting adjourned.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]