OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Minutes from XACML TC Meeting 2 August 2007 - corrected

    Posted 08-02-2007 16:03
    [I omitted Abbie from the list of Attendees - sorry]
    
    Minutes from XACML TC Meeting 2 August 2007
    
    1  Roll Call & Minutes
    
        Attendees:
         Ron Williams, IBM
         David Staggs, Veterans Health Administration
         Anil Saldhana, Red Hat
         Erik Rissanen, Axiomatics AB
         Bill Parducci, Individual
         Tony Nadalin, IBM
         Prateek Mishra, Oracle
         Rich Levinson, Oracle
         Abbie Barbir, Nortel
         Harry Haury, NuParadigm Govt. Systems, Inc. (not yet voting member)
         Anne Anderson, Sun Microsystems
    
        Regrets:
         Hal Lockhart, BEA
         Seth Proctor, Sun Microsystems
    
        Quorum was achieved (83% per Kavi)
    
        The minutes from the 19 July TC meeting were posted late, so will
        be up for approval at the 16 August TC meeting:
        http://lists.oasis-open.org/archives/xacml/200708/msg00004.html
    
    2  Administrivia
    
        a. Workshop on SAML & XACML Given at GeoWeb 2007 in Vancouver
           (SAML TC list)
    
           Hal was not present to report on this.
    
        b. Test Status Update - Summary List [Approvals, Publication]
           (xacml-demo-tech list)
    
           The general consensus of the TC was that a summary report
           of the interop should be written for public consumption,
           and that the detailed vendor results should not be
           published.  The summary should include a description of the
           scenarios tested, the general results, and lessons learned.
    
           ACTION: Bill will check with OASIS on what the TC can and should do.
           ACTION: Rich will draft a summary based on message from OASIS.
    
        c. SAML 2.0 Profile of XACML, Version 2, WD 5 uploaded
           http://lists.oasis-open.org/archives/xacml/200707/msg00021.html
    
           Anne described changes from WD4 - WD5.  She will post a
           summary of the changes.
    
           She recommends use of this profile for any future XACML
           interoperability demonstrations: XACML 3.0-specific
           sections are clearly identified, and the rest is bug fixes,
           better explanations, and examples based on what we have
           learned from trying to use the existing standard version of
           the profile.
    
           A new editor is needed for this Working Draft.
    
        c. Web Services Profile of XACML (WS-XACML) Version 1.0, WD 9
           uploaded
           http://lists.oasis-open.org/archives/xacml/200707/msg00015.html
           http://lists.oasis-open.org/archives/xacml/200707/msg00018.html
    
           Anne reported on the changes in this new draft, which are
           summarized in msg00018.html above.  This draft closes all
           open issues.
    
           A new editor is needed for this Working Draft.
    
        d. access_control-xacml-2.0-core-spec-os-errata.doc uploaded
           http://lists.oasis-open.org/archives/xacml/200707/msg00024.html
    
           Erik posted an update to the XACML 2.0 Core errata document
           including all errata fixes that have also been incorporated
           into the XACML 3.0 Core specification draft.
    
        e. New XACML References and Products document V1.83
           http://lists.oasis-open.org/archives/xacml/200707/msg00025.html
    
           Anne reported on the new version of the XACML References
           and Products document.  This includes a large number of new
           papers and some new vendors and deployments.  XACML
           continues to be a hot topic of academic study.
    
           A new editor is needed for this document.
    
           The previous version - V1.73 - is located at
           http://docs.oasis-open.org/xacml/references/xacmlRefsV1.73.html
           for those who want to do a diff.
    
    4  Issues Review
        http://wiki.oasis-open.org/xacml/IssuesList
    
        #69: location of XACML 2.0 schema files
        http://lists.oasis-open.org/archives/xacml/200707/msg00019.html
    
        This was just a clarification of why the schema reference
        problem occurred, and why the "workaround" of including the
        XACML 2.0 schemas in two different locations was needed.
    
        The following issues pending review will be up for approval at
        the next meeting:
    
        32. ADMIN:Exception handling
        Resolution in Delegation profile WD17
        Champion: Bill
    
        38. CORE:Replace uri-string-concatenate with to-string and
            from-string functions
        Resolution in XACML 3.0 WD3
        Champion: Erik
    
        40. CORE:Change ResourceContent
        Resolution in XACML 3.0 WD2,3
        Champion: Daniel (Erik)
    
        50. ADMIN:Maxdepth with attribute categories
        Resolution in XACML 3.0 WD2,3 and Delegation profile WD17
        Champion: Erik
    
        54. ADMIN:Number of policies required by administrative policy
            delegation
        Resolution in Delegation profile WD17
        Champion: Erik
    
        55. WS-XACML:Address policy references in a Requirements element
            containing a PolicySet
        Resolution: ReferencedPolicies element in WD9 released 18 July 2007
        Champion: Anne
    
        56. WS-XACML:Add optional "Preference" XML attribute to Apply element
        Resolution: ValuePreference attribute is in WD9 released 18 July 2007
        Champion: Anne
    
        57. WS-XACML:Restrictions on XPath expression to support matching
            Attribute references
        Resolution in WS-XACML profile WD1-3 (informal proof in WD4)
        Champion: Anne
    
        58. WS-XACML:Handle P3P 1.0 POLICY/STATEMENT/NON-IDENTIFIABLE in an
            XACMLPrivacyAssertion
        Resolution: NON-IDENTIFIABLE does not overlap with the PURPOSE and
            RECIPIENT clauses. WD9 is consistent with this understanding.
        Champion: Anne
    
        59. WS-XACML:Allow restricted regular expression functions in
            XACMLAssertion
        Resolution: Regular expressions and syntax reference are in WD9
            released 18 July 2007
        Champion: Anne
    
        64. ADMIN:Treatment of administrative deny
        Resolution in Delegation profile WD17
        Champion: Erik
    
        68. CORE:Backwards compatibility of generalized Target
        Resolution in XACML 3.0 WD2,3
        Champion: Erik
    
        69. ERRATA:Incorrect URL in
            access_control-xacml-2.0-context-schema-os.xsd schema file
        Resolution in XACML 2.0 errata updated 5 July 2007
        Champion: Erik
    
        74. SAML:Add SAML metadata description
        Resolution: WD4 has a preliminary version of SAML metadata
    
        77. CORE:Datatype of Resource id attribute in Response
        Resolution in XACML 3.0 WD3
        Champion: Erik
    
        78. ERRATA:Namespace treatment in xpaths
        Resolution in XACML 3.0 WD3
        Champions: Daniel, Erik
    
        79. ERRATA:Incorrect use of multiple subjects
        Resolution in XACML 2.0 errata updated 5 July 2007
        Champion: Anne
    
        80. ERRATA:"Policies based on resource contents"
        Resolution in XACML 2.0 errata updated 5 July 2007
        Champion: Erik
    
        81. CORE: Data type and function definitions by references to XPath 2.0
        Resolution in XACML 3.0 WD3
        Champions: Anne, Erik
    
        84. WS-XACML: limit-scope functions will not work as described
        Resolution: Both functions removed in WD9 released 18 July 2007
    
    5  IHE healthcare XACML interop interest
    
        David Staggs reported that Integrating Healthcare Environments
        (IHE) is interested in a healthcare interop using XACML.  IHE
        runs these under the auspices of the Healthcare Information
        and Management Systems Society (HIMSS).  IHE takes Health
        Level 7 (HL7 - an international healthcare standards
        organization) scenarios, implements them, creates a profile,
        and demonstrates interoperability.  IHE is interested in an
        XACML interop similar to the Burton interop, but also
        including healthcare-related privacy cases.  IHE needs a
        proposal from the XACML TC by October.  The interop profiles
        are frequently published by the Health Information Technology
        Standards Panel (HITSP), a panel developed by the U.S. Dept of
        Health and Human Services as U.S. govt. standards.  IHE
        requires at least two vendors to participate.
    
        Bill reported that OASIS is interested in promoting these
        events.  He will start the conversation with OASIS
        administration.
    
        ACTION: Bill - notify OASIS of IHE's interest.
    
    The meeting adjourned at 10:30am Eastern Time.
    
    -- 
    Anne H. Anderson, Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311, Burlington, MA 01803-0902 USA
    Tel: 781/442-0928  Fax: 781/442-0399
    Email: Anne.Anderson@Sun.COM until 2 August 2007
    Email: Anne.Anderson@alum.swarthmore.edu after 2 August 2007
    


  • 2.  Re: [xacml] Minutes from XACML TC Meeting 2 August 2007 - corrected

    Posted 08-03-2007 09:21
    Anne Anderson - Sun Microsystems wrote:
    > [I omitted Abbie from the list of Attendees - sorry]
    >
    > Minutes from XACML TC Meeting 2 August 2007
    >
    >
    
    Regarding the issues on review, I want to point out that the 3.0 core wd 
    which is linked from the TC home page is not the latest. To review the 
    issues, you need to read wd 3. It's available in the document 
    repository. The latest delegation draft is 17, which is correctly linked 
    from the TC page.
    
    >    The following issues pending review will be up for approval at
    >    the next meeting: