OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes 12 March 2009 TC meeting

    Posted 03-14-2009 03:00
    Time: 10:00 am EDT
    Tel: 512-225-3050 Access Code: 65998
    
    Proposed Agenda for 12-Mar-09 TC Meeting:
    
    10:00 - 10:05 Roll Call & Approve Minutes
    
    Voting Members
    
    Bill Parducci 	Individual
    Rich Levinson 	Oracle Corporation
    Hal Lockhart 	Oracle Corporation
    Seth Proctor 	Sun Microsystems
    John Tolbert 	The Boeing Company
    Duane DeCouteau 	Veterans Health Administration
    
    Members
    
    Dilli Arumugam 	Sun Microsystems
    Dilli Dorai  Sun Microsystems (* need to check membership)
    
    Observers
    
    John Moehrke  	GE Healthcare
    
       5 March 2009 TC Meeting
       http://lists.oasis-open.org/archives/xacml/200903/msg00047.html
    
    	minutes approved
    
    10:05 - 10:10 Administrivia
       Version Control (submit conformance tests)
       http://lists.oasis-open.org/archives/xacml/200903/msg00026.html
    
    	Bill posted changes to list, conformance tests
    	Static directories - not how versions designed
    
       Conformance Tests
       http://lists.oasis-open.org/archives/xacml/200903/msg00027.html
        ... (+ 7 intermediate emails)
       http://lists.oasis-open.org/archives/xacml/200903/msg00048.html
    
    	subversion has some primitives, but may be more than we need
    	things are "tagged"
    
       v3 Core, Multiple Resource Profile SAML Profile Updates
        (Sample Policy Assertion: policy identifiers action item)
       http://lists.oasis-open.org/archives/xacml/200903/msg00028.html
    
    	Erik posted message explaining 3 categories:
    	  ("top level", "ReferencedPolicies", 
    	   "Policies outside assertion")
    	Hal: why do categories need to be kept separate?
    
      Action: TC: Hal indicates all should be reviewing specs and
    	asking questions if there are concerns about any aspect.
    
    
    10:10 - 11:00 Issues
       Hierarchical Resource Profile Proposal
        Hier: Hal's summary:
        http://lists.oasis-open.org/archives/xacml/200903/msg00031.html
         ... (+ 12 intermediate emails)
        http://lists.oasis-open.org/archives/xacml/200903/msg00068.html
    
        Hier: New core and multiple resource profile and hierarchical
        http://lists.oasis-open.org/archives/xacml/200903/msg00024.html
         ... (+ 8 intermediate emails)
        http://lists.oasis-open.org/archives/xacml/200903/msg00065.html
    
        Hier: Hierarchical Profile and the URI
        http://lists.oasis-open.org/archives/xacml/200903/msg00050.html
         ... (+ 7 intermediate emails)
        http://lists.oasis-open.org/archives/xacml/200903/msg00063.html
    
    	Hal: there appears to be general agreement that the issue is
    	 whether or not to include ancestors that are "transitive".
    
    	   (where from prev mtg discussion: "transitive is mathematical 
    	   term meaning any ancestor of my ancestor is also my ancestor, 
    	   even if the ancestor belongs to hierarchies that I do not 
    	   belong to. Presumably the transitive property applies to 
    	   those ancestors in that all inclusive set that are not 
    	   ancestors through any hierarchy I belong to, but only 
    	   through hierarchies that my ancestors belong to that I do not.")
    	 
    	Hal: recalls original assumptions that one or more hierarchies 
    	 singly multiply rooted.
    
    	Bill: agrees
    
    	Hal: some consensus that transitive ancestors are not needed.
    
    	Hal: if we include only hierarchies that resource is a 
    	  member of, that should solve any problems.
    
    	Rich: agrees, but expects based on emails that this is exactly
    	  the point of disagreement that has caused all the discussion.
    
    	Hal: we need input from other interested parties on this issue.
    
    
    	Meeting adjourned 10:40