Title: XACML Conference Call Minutes

XACML Conference Call
Date: Thursday, November 14, 2002
Time: 10:00 AM EDT
Tel: 512-225-3050
Access Code: 65998

Summary

Reviewed open action items and discussed any additional announcements that should be made. Don brought up the issue of submitting a binding to WSS. It was decided to take no action unless use cases can be developed that prove a binding to be relevant. We reviewed the list of submitted change requests and resolved them.

Action Items

- Anne Anderson to get comments to Tim Moses on the use of LDAP to store policies by 12/13
- Anne Anderson to update the digital signature profile by 12/20
- Hal to propose XACML changes for SAML 2.0
- Simon to create SAML profile document (due after finalization of spec) by 12/20
- Hal Lockhart to release updated XACML primer by end of week
- Committee chairs will coordinate publicizing of public review
- Anne to have preliminary updated conformance tests posted to web by tomorrow; the final updated tests will be available by 11/21
- Polar to post announcement to CORBA mailing list
- Hal to post announcement to W3C mailing list
- Carlisle to post announcement to Liberty mailing list

Votes

Voted to accept 11/7 meeting minutes

Proposed Agenda:

10:00-10:05 Roll Call and Agenda Review
10:05-10:10 Vote to accept minutes of November 7 concall
            http://lists.oasis-open.org/archives/xacml/200211/msg00104.html
10:10-10:15 Review action items from minutes
10:15-11:00 Discussion of public comments on XACML 1.0
            http://lists.oasis-open.org/archives/xacml/200211/msg00132.html

Roll Call

Raw Notes (taken by Ken Yagen)

Agenda Discussion

WS-Security Binding Brought Up

Will we be sending a bindings document to WS-Security? Was raised in subcommittee and not addressed. Did we agree to go with SAML binding? That would be fine if wrapped in a SAML assertion (which we have not done yet). XACML could be used as an authorization statement in QOP (Quality of Protection) for the WSDL binding. Tim is concerned that we have not considered all circumstances. What would the time deadline be for WSS to propose a binding? What are the semantics or use cases? Tim suggested privacy policy. We should come up with acceptable use cases. XRML references a license in the WSS header as a security token and uses it as an id so they can sign the document. Some might be driven by QOP work. We should continue to think about it, but unless use cases can be developed, it doesn't seem likely that a binding is necessary.

Minutes of 11/7 meeting approved

Action Item Review

Anne's items in progress.
Hal proposed text and schema for SAML for initial issue. Remaining changes are targeting SAML 2.0. Issuer changes require a major schema change and are probably SAML 2.0 changes as well.
XACML primer still in progress. Hal hopes to have something out today.
1.0 spec generated and posted to web (Word and PDF) and notice sent to Karl. Posted to PKIX, Apache XML, PKI group at Dartmouth, Shibboleth, VaTech group. Polar to post to CORBA.
Regarding announcements, what is going on with conformance tests? The ones on the web are not updated. Anne will get a preliminary set today, and it should be posted tomorrow. By 11/21 the full updated conformance tests will be complete.
What about posting notice to W3C? Where to post? How to target security people? Maybe XKMS? Hal will take an action item to post it. Sun is a W3C member.
What about MPEG? They selected XRML but had some interest in languages in this area.
Any value in posting to Liberty sites?
Carlisle will take the Liberty action item.

Discussion of public comments on XACML 1.0

Appendix B.1 says that two namespaces are defined, but there are three URIs there. Should the URI for XACML datatypes be removed? It's not used as a namespace; you must always spell out the whole URN.
Action: No objection, will remove datatype URI

Sections A.2 (Primitive types) and B.4 (Data types) include date and dateTime, but not time. The time type is used by many functions and at least one standard attribute, and should be on those lists. Something was edited in the B.4 section that did not make it in; time was in a set of edits that didn't get in. Need to submit issue to xacml-issues list.
Action: Change accepted

'...element from each of the policies or policy': the word 'policy' is *half* bold.
Action: Change accepted

0003c. line 1039: starting with line 1039 the examples are color encoded. The snippets prior to this are not. Given the darkened background I think that the color makes it harder to read (and print), but either way I think that it should be consistent (sections 5 & 6 go back and forth twixt the two). This continues throughout [portions] of the primer.
Action: Easier to just remove color encoding

Minor edits to formatting, all accepted: 0003b. line 793; 0003d. line 3278; 0003e. line 3291; 0003f. line 3385

0003g. line 3399: '[IBMDSA]' I thought that the IBMDSA reference was replaced with an IEEE spec throughout the doc, or was this only in a specific instance?
Action: Change accepted

0003h. line 4277: 'first argument of Anderson@sun.com ?' question mark should be quotation mark
Action: Change accepted

0003i. line 4434: ' urn:oasis:names:tc:xacml:1.0:resource:scope' leading spaces or indentation (should be left margin aligned)
Action: Change accepted

0003j. finally, there seems to be some squooshing going on with lines 2618, 2742, 2778 in the pdf. Can others confirm?
Action: Change accepted

All of the functions defined as type-* (like the type-one-and-only function) need to have a time-* version added in 10.3.8 (and maybe elsewhere, though I don't think so).
Action: Change accepted

MatchId functions used in a target take one AttributeDesignator or AttributeSelector argument, and one literal AttributeValue argument...
Action: Rejected

Section A14.5 still lists a present function. I think the decision was to remove this functionality entirely for the time being.
Action: Accepted

0007a. 10.3.7: dayTime and yearMonth durations should read "xquery-operators" not "xquey-operaqtors"
Action: Accepted

0008a. In draft 18f, sections 5.30, 5.31, and 5.32 document the AttributeIsPresent elements, but the 18f schema doesn't contain these.
Action: Accepted

0008b. Also, the 18f schema contains the QualifiedSubjectAttributeDesignator element, but this isn't described in the 18f draft; it first appears in the conformance tables 10.3.1.
Action: Accepted

In a number of sections in 10.3 (10.3.2, 10.3.4, 10.3.5, 10.3.6, 10.3.7) the 'u' in 'urn' has become a 'U'.
Action: Accepted

Also reviewed several additional ones that have come in since Anne published her list and accepted them.