Subject: Minutes from 3 August 2006 TC Meeting
Minutes of the OASIS XACML Technical Committee Meeting
03 August 2006
Voting Member Attendees:
Erik Rissanen
Anne Anderson
Argyn Kuketayev
Michiharu Kudo
Tony Nadalin
Seth Proctor
Kamelendu Biswas
David Staggs
Daniel Engovatov
Bill Parducci
Observer
Rich Levinson (Oracle)
1. Roll Call and Agenda Review
Quorum was achieved
2. Vote on approval of minutes from 20 July 2006 meeting
http://lists.oasis-open.org/archives/xacml/200607/msg00009.html
Approved unanimously.
3. Legal Issue
Tony reported that IBM is about to ship an XACML implementation.
OASIS does not take Errata documents as "Standards", and since
the OASIS copyright statements in schemas will only be in
Errata, IBM lawyers have a problem. IBM has reported this to
OASIS Admin, and Bill Parducci will also query OASIS Admin.
4. Issues list
http://wiki.oasis-open.org/xacml/IssuesList
Open unless shown otherwise
40. Change ResourceContent (Daniel)
http://lists.oasis-open.org/archives/xacml/200607/msg00005.html
STATUS: Daniel will post schemas and short explanation
today.
3. Should elements in a policy target and the request context be
open?
STATUS: Daniel will post schemas and short explanation
today.
5. Policy statements in request context
http://lists.oasis-open.org/archives/xacml/200606/msg00022.html
http://lists.oasis-open.org/archives/xacml/200606/msg00023.html
Note: in XACMLAuthzDecisionQuery in SAML Profile Version 2 draft
AI: Anne to draft proposal for describing semantics of such
policies in the core.
12. More general conclusions
Bill and Michiharu are champions. Michiharu does
not have time to work on this now. Erik has a student
who has been working on combining obligations for five
months and has one more month. When he finishes his
thesis, Erik can let everyone see it. The student has
looked at the proposal presented by Bill and Michiharu at
the last F2F. Erik will ask the student to ping Bill.
STATUS: Continued open
13. "What are my permissions?"
Erik reports another student is working on this and it
will be made public when the student is finished. Anne
and Seth are also working on this.
STATUS: Continued open
22. Right to revoke
STATUS: Erik is writing a paper on this that will be
published as a research paper when he is done. He says
it is a bit "far out", so may be too fancy for XACML at
this stage.
STATUS: Continued open
23. Access Permitted (Hal)
STATUS: Pending review. It is in the current Admin draft.
25. Nested policy sets and enforcement of delegation
constraints
STATUS: Open. Pending clarification by Erik.
27. The issuer of the PDP policy set
Erik says it is up to the entity that uses a result to
verify the identity of the issuer of that result; that
issuer is not used in the reduction algorithm.
STATUS: Pending review.
31. Passing arbitrary sets of Attributes in the request (Frank)
AI: Erik will draft syntax and text for SAML Profile, and
semantic description for core. Erik has written a proposal.
STATUS: Pending review, depends on new issues #42-46.
36. PDP metadata
Bill and Polar discussed this way back. Bill doesn't
have a specific proposal. Supported version of XACML,
PDP top-level combining algorithm, attribute timing.
STATUS: Open. CHAMPION: Bill
37. SAML Profile: XACMLPolicyQuery Target element (Anne)
http://lists.oasis-open.org/archives/xacml/200606/msg00033.html
http://lists.oasis-open.org/archives/xacml/200606/msg00034.html
No one can remember any use case for this. Anne
recommended removing this element in SAML Profile version
2.
STATUS: Closed. Resolution: remove this element from the
XACMLPolicyQuery.
38. Replace uri-string-concatenate with to-string and from-string
functions (Anne)
Should we deprecate the function uri-string-concatenate
in favor of a more general set of functions:
string-from-<type>, and <type>-from-string?
STATUS: Pending Review RESOLUTION: deprecate and include
string-from-<type> and <type>-from-string
39. SAML Profile: allow return of policy and policy set id
references? (Anne)
http://lists.oasis-open.org/archives/xacml/200606/msg00033.html
http://lists.oasis-open.org/archives/xacml/200606/msg00034.html
Kamalindu recommends some sort of paging mechanism - send
as many as PDP can send.
Erik suggests set of references may indeed be too large.
AI: Kamalindu will write up a new proposal and submit to
mailing list.
STATUS: Open CHAMPION: Anne and Kamalindu
41. Flag to force evaluation of all applicable policies (Hal)
STATUS: Open pending Hal's return.
42. SAML Profile: Matching of holder identity against the request
context (Erik)
STATUS: Pending review. Option b) is included in current
draft.
43. SAML profile: Inheritance between additional attributes
(Erik)
Use case: sending a whole role hierarchy with request,
asking PDP to resolve it. Could require requester to
resolve it first, but then get a timing issue.
STATUS: Open. Continue discussion.
44. SAML profile: Do we add attributes to the access request?
(Erik)
Anne suggested possibly passing SAML Attributes. This is
now new Issue#48.
STATUS: Open. Continue discussion.
45. In the SAML profile: Translation of saml:Subject? (Erik)
Not discussed.
46. SAML profile: multiple holders of attributes (Erik)
Not discussed.
47. WS-Policy Assertion formats for XACML (Anne)
Not discussed.
48. SAML Profile: Use SAML Attributes instead of XACML
Attributes?
Erik pointed out that this requires the ContextHandler to
support the SAML Profile's attribute handling section and
is more work for the PDP side; this is now new Issue#48.
The "Champions" in this case are just stakeholders in the
resolution, but are not necessarily in favor of using
SAML Attributes.
STATUS: New Issue. Open CHAMPIONS: Anne and Erik.
5. Wrap up
The meeting adjourned at 11am EDT.
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692