Subject: Minutes from 3 August 2006 TC Meeting
Minutes of the OASIS XACML Technical Committee Meeting
03 August 2006

Voting Member Attendees:
  Erik Rissanen
  Anne Anderson
  Argyn Kuketayev
  Michiharu Kudo
  Tony Nadalin
  Seth Proctor
  Kamelendu Biswas
  David Staggs
  Daniel Engovatov
  Bill Parducci

Observer:
  Rich Levinson (Oracle)

1. Roll Call and Agenda Review

   Quorum was achieved

2. Vote on approval of minutes from 20 July 2006 meeting
   http://lists.oasis-open.org/archives/xacml/200607/msg00009.html

   Approved unanimously.

3. Legal Issue

   Tony reported that IBM is about to ship an XACML implementation.
   OASIS does not take Errata documents as "Standards", and since
   the OASIS copyright statements in schemas will only be in
   Errata, IBM lawyers have a problem. IBM has reported this to
   OASIS Admin, and Bill Parducci will also query OASIS Admin.

4. Issues list
   http://wiki.oasis-open.org/xacml/IssuesList

   Open unless shown otherwise

   40. Change ResourceContent (Daniel)
       http://lists.oasis-open.org/archives/xacml/200607/msg00005.html

       STATUS: Daniel will post schemas and short explanation today.

   3. Should elements in a policy target and the request context
      be open?

       STATUS: Daniel will post schemas and short explanation today.

   5. Policy statements in request context
       http://lists.oasis-open.org/archives/xacml/200606/msg00022.html
       http://lists.oasis-open.org/archives/xacml/200606/msg00023.html

       Note: in XACMLAuthzDecisionQuery in SAML Profile Version 2 draft

       AI: Anne to draft proposal for describing semantics of such
       policies in the core.

   12. More general conclusions

       Bill and Michiharu are champions. Michiharu does not have
       time to work on this now. Erik has a student who has been
       working on combining obligations for five months and has one
       more month. When he finishes his thesis, Erik can let
       everyone see it. The student has looked at the proposal
       presented by Bill and Michiharu at the last F2F. Erik will
       ask the student to ping Bill.

       STATUS: Continued open

   13. "What are my permissions?"

       Erik reports another student is working on this and it will
       be made public when the student is finished. Anne and Seth
       also working on this.

       STATUS: Continued open

   22. Right to revoke

       STATUS: Erik is writing a paper on this that will be
       published as a research paper when he is done. He says it is
       a bit "far out", so may be too fancy for XACML at this stage.

       STATUS: Continued open

   23. Access Permitted (Hal)

       STATUS: Pending review. It is in the current Admin draft.

   25. Nested policy sets and enforcement of delegation constraints

       STATUS: Open. Pending clarification by Erik.

   27. The issuer of the PDP policy set

       Erik says it is up to the entity that uses a result to
       verify the identity of the issuer of that result; that
       issuer is not used in the reduction algorithm.

       STATUS: Pending review.

   31. Passing arbitrary sets of Attributes in the request (Frank)

       AI: Erik will draft syntax and text for SAML Profile, and
       semantic description for core.

       Erik has written a proposal.

       STATUS: Pending review, depends on new issues #42-46.

   36. PDP metadata

       Bill and Polar discussed this way back. Bill doesn't have a
       specific proposal. Supported version of XACML, PDP top-level
       combining algorithm, attribute timing.

       STATUS: Open.
       CHAMPION: Bill

   37. SAML Profile: XACMLPolicyQuery Target element (Anne)
       http://lists.oasis-open.org/archives/xacml/200606/msg00033.html
       http://lists.oasis-open.org/archives/xacml/200606/msg00034.html

       No one can remember any use case for this. Anne recommended
       removing this element in SAML Profile version 2.

       STATUS: Closed.
       Resolution: remove this element from the XACMLPolicyQuery.

   38. Replace uri-string-concatenate with to-string and
       from-string functions (Anne)

       Should we deprecate the function uri-string-concatenate in
       favor of a more general set of functions:
       string-from-<type>, and <type>-from-string

       STATUS: Pending Review
       RESOLUTION: deprecate and include string-from<type> and
       <type>-from-string

   39. SAML Profile: allow return of policy and policy set id
       references? (Anne)
       http://lists.oasis-open.org/archives/xacml/200606/msg00033.html
       http://lists.oasis-open.org/archives/xacml/200606/msg00034.html

       Kamalindu recommends some sort of paging mechanism - send as
       many as PDP can send. Erik suggests set of references may
       indeed be too large.

       AI: Kamalindu will write up a new proposal and submit to
       mailing list.

       STATUS: Open
       CHAMPION: Anne and Kamalindu

   41. Flag to force evaluation of all applicable policies (Hal)

       STATUS: Open pending Hal's return.

   42. SAML Profile: Matching of holder identity against the
       request context (Erik)

       STATUS: Pending review. Option b) is included in current
       draft.

   43. SAML profile: Inheritance between additional attributes
       (Erik)

       Use case: sending a whole role hierarchy with request,
       asking PDP to resolve it. Could require requester to resolve
       it first, but then get a timing issue.

       STATUS: Open. Continue discussion.

   44. SAML profile: Do we add attributes to the access request?
       (Erik)

       Anne suggested possibly passing SAML Attributes. This is now
       new Issue#48.

       STATUS: Open. Continue discussion.

   45. In the SAML profile: Translation of saml:Subject? (Erik)

       Not discussed.

   46. SAML profile: multiple holders of attributes (Erik)

       Not discussed.

   47. WS-Policy Assertion formats for XACML (Anne)

       Not discussed.

   48. SAML Profile: Use SAML Attributes instead of XACML
       Attributes?

       Erik pointed out that this requires the ContextHandler to
       support the SAML Profile's attribute handling section and is
       more work for the PDP side; this is now new Issue#48. The
       "Champions" in this case are just stakeholders in the
       resolution, but are not necessarily in favor of using SAML
       Attributes.

       STATUS: New Issue. Open
       CHAMPIONS: Anne and Erik.

5. Wrap up

   The meeting adjourned at 11am EDT.

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692