Minutes of the OASIS XACML Technical Committee Meeting
03 August 2006
Voting Member Attendees:
Erik Rissanen
Anne Anderson
Argyn Kuketayev
Michiharu Kudo
Tony Nadalin
Seth Proctor
Kamelendu Biswas
David Staggs
Daniel Engovatov
Bill Parducci
Observer
Rich Levinson (Oracle)
1. Roll Call and Agenda Review
Quorum was achieved
2. Vote on approval of minutes from 20 July 2006 meeting
http://lists.oasis-open.org/archives/xacml/200607/msg00009.html
Approved unanimously.
3. Legal Issue
Tony reported that IBM is about to ship an XACML implementation.
OASIS does not take Errata documents as "Standards", and since
the OASIS copyright statements in schemas will only be in
Errata, IBM lawyers have a problem. IBM has reported this to
OASIS Admin, and Bill Parducci will also query OASIS Admin.
4. Issues list
http://wiki.oasis-open.org/xacml/IssuesList
Open unless shown otherwise
40. Change ResourceContent (Daniel)
http://lists.oasis-open.org/archives/xacml/200607/msg00005.html
STATUS: Daniel will post schemas and short explanation
today.
3. Should elements in a policy target and the request context be
open?
STATUS: Daniel will post schemas and short explanation
today.
5. Policy statements in request context
http://lists.oasis-open.org/archives/xacml/200606/msg00022.html
http://lists.oasis-open.org/archives/xacml/200606/msg00023.html
Note: in XACMLAuthzDecisionQuery in SAML Profile Version 2 draft
AI: Anne to draft proposal for describing semantics of such
policies in the core.
12. More general conclusions
Bill and Michiharu are champions. Michiharu does
not have time to work on this now. Erik has a student
who has been working on combining obligations for five
months and has one more month. When he finishes his
thesis, Erik can let everyone see it. The student has
looked at the proposal presented by Bill and Michiharu at
the last F2F. Erik will ask the student to ping Bill.
STATUS: Continued open
13. "What are my permissions?"
Erik reports another student is working on this and it
will be made public when the student is finished. Anne
and Seth are also working on this.
STATUS: Continued open
22. Right to revoke
STATUS: Erik is writing a paper on this that will be
published as a research paper when he is done. He says
it is a bit "far out", so may be too fancy for XACML at
this stage.
STATUS: Continued open
23. Access Permitted (Hal)
STATUS: Pending review. It is in the current Admin draft.
25. Nested policy sets and enforcement of delegation
constraints
STATUS: Open. Pending clarification by Erik.
27. The issuer of the PDP policy set
Erik says it is up to the entity that uses a result to
verify the identity of the issuer of that result; that
issuer is not used in the reduction algorithm.
STATUS: Pending review.
31. Passing arbitrary sets of Attributes in the request (Frank)
AI: Erik will draft syntax and text for SAML Profile, and
semantic description for core. Erik has written a proposal.
STATUS: Pending review, depends on new issues #42-46.
36. PDP metadata
Bill and Polar discussed this way back. Bill doesn't
have a specific proposal. Supported version of XACML,
PDP top-level combining algorithm, attribute timing.
STATUS: Open. CHAMPION: Bill
37. SAML Profile: XACMLPolicyQuery Target element (Anne)
http://lists.oasis-open.org/archives/xacml/200606/msg00033.html
http://lists.oasis-open.org/archives/xacml/200606/msg00034.html
No one can remember any use case for this. Anne
recommended removing this element in SAML Profile version
2.
STATUS: Closed. Resolution: remove this element from the
XACMLPolicyQuery.
38. Replace uri-string-concatenate with to-string and from-string
functions (Anne)
Should we deprecate the function uri-string-concatenate
in favor of a more general set of functions:
string-from-