[I omitted Abbie from the list of Attendees - sorry]
Minutes from XACML TC Meeting 2 August 2007
1 Roll Call & Minutes
Attendees:
Ron Williams, IBM
David Staggs, Veterans Health Administration
Anil Saldhana, Red Hat
Erik Rissanen, Axiomatics AB
Bill Parducci, Individual
Tony Nadalin, IBM
Prateek Mishra, Oracle
Rich Levinson, Oracle
Abbie Barbir, Nortel
Harry Haury, NuParadigm Govt. Systems, Inc. (not yet voting member)
Anne Anderson, Sun Microsystems
Regrets:
Hal Lockhart, BEA
Seth Proctor, Sun Microsystems
Quorum was achieved (83% per Kavi)
The minutes from the 19 July TC meeting were posted late, so will
be up for approval at the 16 August TC meeting:
http://lists.oasis-open.org/archives/xacml/200708/msg00004.html
2 Administrivia
a. Workshop on SAML & XACML Given at GeoWeb 2007 in Vancouver
(SAML TC list)
Hal was not present to report on this.
b. Test Status Update - Summary List [Approvals, Publication]
(xacml-demo-tech list)
The general consensus of the TC was that a summary report
of the interop should be written for public consumption,
and that the detailed vendor results should not be published.
The summary should include a description of the scenarios
tested, the general results, and lessons learned.
ACTION: Bill will check with OASIS on what the TC can and should do.
ACTION: Rich will draft a summary based on message from OASIS.
c. SAML 2.0 Profile of XACML, Version 2, WD 5 uploaded
http://lists.oasis-open.org/archives/xacml/200707/msg00021.html
Anne described the changes from WD4 to WD5. She will post a
summary of the changes.
She recommends use of this profile for any future XACML
interoperability demonstrations: XACML 3.0-specific
sections are clearly identified, and the rest is bug fixes,
better explanations, and examples based on what we have
learned from trying to use the existing standard version of
the profile.
A new editor is needed for this Working Draft.
c. Web Services Profile of XACML (WS-XACML) Version 1.0, WD 9
uploaded
http://lists.oasis-open.org/archives/xacml/200707/msg00015.html
http://lists.oasis-open.org/archives/xacml/200707/msg00018.html
Anne reported on the changes in this new draft, which are
summarized in msg00018.html above. This draft closes all
open issues.
A new editor is needed for this Working Draft.
d. access_control-xacml-2.0-core-spec-os-errata.doc uploaded
http://lists.oasis-open.org/archives/xacml/200707/msg00024.html
Erik posted an update to the XACML 2.0 Core errata document
including all errata fixes that have also been incorporated
into the XACML 3.0 Core specification draft.
e. New XACML References and Products document V1.83
http://lists.oasis-open.org/archives/xacml/200707/msg00025.html
Anne reported on the new version of the XACML References
and Products document. This includes a large number of new
papers and some new vendors and deployments. XACML
continues to be a hot topic of academic study.
A new editor is needed for this document.
The previous version - V1.73 - is located at
http://docs.oasis-open.org/xacml/references/xacmlRefsV1.73.html
for those who want to do a diff.
4 Issues Review
http://wiki.oasis-open.org/xacml/IssuesList
#69: location of XACML 2.0 schema files
http://lists.oasis-open.org/archives/xacml/200707/msg00019.html
This was just a clarification of why the schema reference
problem occurred, and why the "workaround" of including the
XACML 2.0 schemas in two different locations was needed.
The following issues pending review will be up for approval at
the next meeting:
32. ADMIN:Exception handling
Resolution in Delegation profile WD17
Champion: Bill
38. CORE:Replace uri-string-concatenate with to-string and
from-string functions
Resolution in XACML 3.0 WD3
Champion: Erik
40. CORE:Change ResourceContent
Resolution in XACML 3.0 WD2,3
Champion: Daniel (Erik)
50. ADMIN:Maxdepth with attribute categories
Resolution in XACML 3.0 WD2,3 and Delegation profile WD17
Champion: Erik
54. ADMIN:Number of policies required by administrative policy
delegation
Resolution in Delegation profile WD17
Champion: Erik
55. WS-XACML:Address policy references in a Requirements element
containing a PolicySet
Resolution: ReferencedPolicies element in WD9 released 18 July 2007
Champion: Anne
56. WS-XACML:Add optional "Preference" XML attribute to Apply element
Resolution: ValuePreference attribute is in WD9 released 18 July 2007
Champion: Anne
57. WS-XACML:Restrictions on XPath expression to support matching
Attribute references
Resolution in WS-XACML profile WD1-3 (informal proof in WD4)
Champion: Anne
58. WS-XACML:Handle P3P 1.0 POLICY/STATEMENT/NON-IDENTIFIABLE in an
XACMLPrivacyAssertion
Resolution: NON-IDENTIFIABLE does not overlap with the PURPOSE and
RECIPIENT clauses. WD9 is consistent with this understanding.
Champion: Anne
59. WS-XACML:Allow restricted regular expression functions in
XACMLAssertion
Resolution: Regular expressions and syntax reference are in WD9
released 18 July 2007
Champion: Anne
64. ADMIN:Treatment of administrative deny
Resolution in Delegation profile WD17
Champion: Erik
68. CORE:Backwards compatibility of generalized Target
Resolution in XACML 3.0 WD2,3
Champion: Erik
69. ERRATA:Incorrect URL in
access_control-xacml-2.0-context-schema-os.xsd schema file
Resolution in XACML 2.0 errata updated 5 July 2007
Champion: Erik
74. SAML:Add SAML metadata description
Resolution: WD4 has a preliminary version of SAML metadata
77. CORE:Datatype of Resource id attribute in Response
Resolution in XACML 3.0 WD3
Champion: Erik
78. ERRATA:Namespace treatment in xpaths
Resolution in XACML 3.0 WD3
Champions: Daniel, Erik
79. ERRATA:Incorrect use of multiple subjects
Resolution in XACML 2.0 errata updated 5 July 2007
Champion: Anne
80. ERRATA:"Policies based on resource contents"
Resolution in XACML 2.0 errata updated 5 July 2007
Champion: Erik
81. CORE: Data type and function definitions by references to XPath 2.0
Resolution in XACML 3.0 WD3
Champions: Anne, Erik
84. WS-XACML: limit-scope functions will not work as described
Resolution: Both functions removed in WD9 released 18 July 2007
5 IHE healthcare XACML interop interest
David Staggs reported that Integrating Healthcare Environments
(IHE) is interested in a healthcare interop using XACML. IHE
runs these under the auspices of the Healthcare Information
and Management Systems Society (HIMSS). IHE takes Health
Level 7 (HL7 - an international healthcare standards
organization) scenarios, implements them, creates a profile,
and demonstrates interoperability. IHE is interested in an
XACML interop similar to the Burton interop, but also
including healthcare-related privacy cases. IHE needs a
proposal from the XACML TC by October. The interop profiles
are frequently published as U.S. govt. standards by the
Health Information Technology Standards Panel (HITSP), a
panel developed by the U.S. Dept of Health and Human
Services. IHE requires at least two vendors to participate.
Bill reported that OASIS is interested in promoting these
events. He will start the conversation with OASIS
administration.
ACTION: Bill - notify OASIS of IHE's interest.
The meeting adjourned at 10:30am Eastern Time.
--
Anne H. Anderson, Sun Microsystems Laboratories
1 Network Drive,UBUR02-311, Burlington, MA 01803-0902 USA
Tel: 781/442-0928 Fax: 781/442-0399
Email: Anne.Anderson@Sun.COM until 2 August 2007
Email: Anne.Anderson@alum.swarthmore.edu after 2 August 2007