Chair: Gary Cole
Attendees:
Gary Cole (Oracle)
Marco Fanti (Oracle)
Karsten Huneycutt (UNC Chapel Hill)
Shyam Mankala (Oracle)
Prateek Mishra (Oracle)
Kent Spaulding (Oracle)
Agenda:
1) Call Roll.
2) Approve minutes:
- from Aug 29 meeting.
- from Sep 12 meeting.
3) Review "SIMPLEST" draft:
- Provisioning and Compliance (adds Access-Privilege and Access-Policy)
-- Document implicit attributes of Target?
-- Document implicit attributes of Object-Class?
-- Document implicit attributes of Attribute-Definition?
4) Discuss priorities for work yet to do on draft:
- Add image (.PNG) graphic for ERD
- Examples of minimal implementation
- Examples of supporting User only
5) AOB
1) Call Roll
- Gary took roll.
- Quorum *was* achieved (5 of 6 voting members attended)
- Voting status changes:
-- Tom Zeller changed from voting-member to member.
2) Approve minutes from Aug 29 and Sep 12 meeting
- There was no objection to approving both sets of minutes as posted.
3) Review "SIMPLEST" draft:
Gary presented a draft of the Access-Privilege and Access-Policy object-classes:
- Access-Privilege is commonly known as "entitlement-definition":
-- meta-data for a specific value of a specific attribute that is valid for accounts on a particular Target.
- Access-Policy is a common feature of provisioning-systems; a link between Roles and Access-Privieges.
-- Access-Policy bundles together a set of entitlements that membership in a Role confers.
-- Provisioning-systems apply access-policy and then add/remove accounts/account-attribute-values.
-- Entitlements Services evaluate access-policy and create dynamically the equivalent of an Account with account-attribute-values.
- Gary neglected to treat the attributes of Access-Policy (appears to be a copy of the table for Access-Privilege).
* AI: Gary to correct the section that discusses the attributes of Access-Policy.
4) Discuss priorities for work yet to do on draft:
As noted above, Gary needs to correct the section that discusses the attributes of Access-Policy.
Gary wants to add a graphic that shows the entities and their relationships to each other.
- Has reported to OASIS (Robin Cover) problems uploading a PNG file to the wiki.
Prateek suggests that defining the minimal requirements for a compliant provider are key.
Gary agrees, and notes that we may find trade-offs between minimal requirements and interoperability.
5) AOB
(None.)
Gary encouraged members to review the issue posted to the alias about the RESTPML using Object-Class in the URI to each object.
|
Bi-weekly PSTC meeting (Conference Call)