Dear All from the in depth discussions we have had on the call today, I have listed the following issues and their current state of resolution 1. Should there be a BTG state attribute. Unanimously agreed by the call that there should be. 2. Should there be a standardised BTG response from the PDP (vs. user knows by magic that he can break the glass). Majority in favour of this but its not yet unanimous. 3. When the BTG action is granted, should there be either an obligation in the policy to set the BTG state vs. a special purpose application such as a Glass manager that knows it has to set the state. There is no agreement on this issue yet. 4. Should the BTG mechanism only use existing components in standard mode. This was agreed unanimously. 5. Can BTG be made into a more generic model (e.g. to include dynamic roles or alert status) rather than being specific to BTG. David proposed yes, if we replace BTG by the general concept of a third class of user who is entitled to override a Deny if he is willing to take the consequences, then we can remove all mention to BTG and call it Controlled Access Override 6. Should different mechanisms be used for inter organisational use case vs. intra organisational use case. David proposes this issue is out of scope of the discussion since it is not an issue addressed in general by XACML. 7. Should the standardised BTG response (if there is one) contain advice to the user which details the obligations that will be carried out if he decides to override the deny (so the user knows in advance what the outcomes of his override will be). General feeling that this is a good thing. 8. What are the dimensions of the state attribute and should it be standardised how these dimensions are specified? This issue was not discussed in the call today, but has been raised on the list. There seems to be general agreement that the state is multi-dimensional and based on attributes of the subject, action, resource and environment. I would propose that we address issue 5 first in more depth, since this concerns scoping of the work, and whether it is restricted to BTG or to a more general concept of there being some class of user (as specified in the policy) who is able to turn a deny into a grant. regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security School of Computing, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email:
D.W.Chadwick@kent.ac.uk Home Page:
http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site:
http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************