OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] XACML August 15, 2002 Minutes

    Posted 08-15-2002 16:58
    Title: XACML Conference Call Minutes

XACML Conference Call
Date: Thursday, August 15, 2002
Time: 10:00 AM EDT
Tel: 512-225-3050
Access Code: 65998

Summary

TC Call focused on reviewing submissions required for version 16 of specification. Please read the minutes and make sure you send your items to Tim before tomorrow, 8/17. Deliverables are broken out by person. All submissions to Tim for 16 should have reference to v16 in the title of the email. Also discussed the semantics of SubjectAttributeDesignator and voted to accept the proposal Simon-1. Reviewed the schema change requests from Simon and Anne and voted to accept all of them.

The next TC Call will be on 8/22. Also, during the scheduled Schema subcommittee call next Monday, 8/19, we will review the issues list since we did not get to it today.

Action Items

  • Submit items to Tim for v16 as specified in these minutes
  • Don to post threats for security and privacy text by Tuesday 8/20
  • Anne and TC will look at XACML extensibility points sections again and decide if needs to be revised
  • Bill update UML diagrams by Friday 8/17
  • Michiharu to provide XPATH usage examples
  • Michiharu to convert XSLT to minimal for used for conformance cases
  • Simon will publish 16g schema with changes voted on during call
  • Tim will publish v16 spec Friday 8/16
  • [Anne, 21 Aug 2002] Conformance Tests:
      • Use 3-4 digit test case numbers for alphabetical ordering
      • Remove "conforming PAPs" section
      • Clarify that this is tests for a PDP "successfully using" XACML
      • Update "Conformance Requirements" section to point to the specification.
  • [Anne, mid-Sept 2002] Get comments to Tim on profile for using LDAP to store policies.
  • [Anne, mid-Sept 2002] Update XML Digital Signature profile.
  • [Anne, mid-Sept 2002] Send proposal for SAML changes based on our Context to XACML TC list. After TC review and modification, we will send it on to SAML. Deadline for this is SAML's deadline for finalizing their list for 2.0.

Votes

  • Vote to accept minutes of F2F 7/30-8/1 passed
  • Vote to accept minutes of August 8 TC Call passed
  • Vote on subject attribute designator semantics to accept proposal Simon-1 passed
  • Votes to accept schema additions/revisions from Simon/Anne passed

Proposed Agenda:

  10:00-10:05 Roll Call and Agenda Review
  10:05-10:10 Vote to accept minutes of August 8 concall http://lists.oasis-open.org/archives/xacml/200208/msg00013.html
  10:10-10:15 Review of Action Items (see 8/8 minutes)
  10:15-10:25 Vote on SubjectAttributeDesignator semantics (Simon)
  10:25 - 10:59 Review of Issues list (Ken)
  10:59 - 11:00 Next meeting? (Aug. 22 or 29?)

Roll Call

  Ken Yagen, Crosslogix
  Daniel Engovatov, Crosslogix
  Hal Lockhart, Entegrity
  Carlisle Adams, Entrust
  Tim Moses, Entrust
  Don Flinn, Hitachi
  Konstantin Beznosov, Hitachi
  Michiharu Kudoh, IBM
  Simon Godik, Self
  Bill Parducci, Self
  Anne Anderson, Sun Microsystems
  Gerald Brose, Xtradyne

Prospective Members

  Steve Andersen, OpenNetwork

Steve Anderson receives voting member status following this TC Call.

Raw Minutes (taken by Ken Yagen)

10:06 Additional Agenda Items

  • Tim - Would like to discuss an inventory of submissions for version 16
  • Simon - would like to propose and vote on schema changes

Vote to approve minutes of August 8 TC Call passed

10:09 Action Items

  • Vote to approve minutes of 7/30 - 8/1 F2F passed
  • Anne has submitted a simple example in English to list
  • Simon has updated current example to comply with schema
  • Simon's proposed schema fix for AttributeIssuer - would like to understand procedure. Have a short list of proposed amendments and would like to discuss
  • Ken has posted Issues List 9
  • No issue list resolutions received

10:13 Inventory of submissions for version 16

Include version 16 in title of any emails to Tim

Hal
  • Identifier section will be sent by noon.
  • Michiharu would like a couple resource identifiers included and will send them to Hal
  • Hal - note about getting list or set datatype information from Daniel or Polar. Do not need an identifier for list or set
  • Security Considerations will be available by close of business.
  • Complete IP section by end of day
  • Proper value for XPathVersion (URN) - current one is fine

Don
  • Threats for security and privacy will be available by Tuesday. Will not be in v16.

Daniel
  • Appendix with updated table and description will be received by end of day

Tim
  • Background section is complete
  • Highlight boxes in XACML Context section complete
  • Figure 1: update complete
  • Section 4: label two "Target" sections will be complete
  • Background references into document references complete
  • Eliminate description of rule digest and designator (was under Hal's name)

Anne
  • Will take another look at it today and email Tim if needs revision
  • Update extensibility for J2SE. Looked over current schema in light of J2SE requirements and posted points of extensibility that are important. Will not rewrite for this version but may take a look again at it after 16
  • Generate list of schema elements - did it alphabetically and posted to list 8/14

Bill
  • Will update UML diagram by Friday

Simon
  • Section 5 and 7 posted

Michiharu
  • Update SAML Profile XSLT - Will be completed by tomorrow morning
    Can describe in words but to do transformation need request and response context. API does not provide to documents as input to processor. Should we add subject information into response context to make transformation to SAML easier? Decision is to assume higher level XML document that contains both request and response context to perform transformation.
  • Usage examples for XPATH - not critical for 16.
  • Convert XSLT to minimal for used for conformance cases
    Someone may produce a response with status information and want to be able to compare response to minimum required response, want XSLT that removes everything but minimum required response.
    Lower priority for conformance test, not for v16.

Polar
  • Combining algorithms were posted

10:41 Vote on subject attribute designator semantics

Three proposals from Polar, Michiharu and Simon

  • Proposal Simon-1: Matches always end and new element call SubjectAttributeWhere that will have a sequence of matches as children and passed to Apply Function. Has been included in the schema 16f.
  • Polar's proposal - recursive definition, more difficult to understand

Voted to accept Simon-1 proposal as included in 16f

10:46 Schema 16f Proposed Changes

Voted to accept change request from Anne:

  • Add an identifier for an Action Attribute that means that the Action to be performed is contained in or implied by the name of the Resource.
  • In context-16f.xsd, the AttributeValue element does not have a DataType xml attribute. Issue in the attribute be optional rather than required.
  • Spell check: FufillOn - Either 2 L's or 1 L is correct, but 2 L's is preferred spelling. Propose go with 2 L's.

Voted to accept change requests from Simon:

  • Issuer of Attribute is xs:string. URI is not appropriate.
  • Typo in schema. Action element reference in Target (was not a global element)
  • Syntax Change - PolicyIdReference, PolicySetIdReference to include other policies in policy set rather than PolicyId and PolicySetId. Currently just an URI but may want to define an element.
  • Typo in schema. DataType attribute for AttributeSelector
  • Pass <SubjectAttributeDesignator> as an argument to <Apply>. Gives more flexibility if don't care about matches. Has helped with conformance tests.

Simon can publish a 16g schema with these changes. Simon's section 5 revisions and examples includes these changes for v16 of spec.

Next TC call will meet a week from today
Schedule Issues list for Monday Call

11:00 Meeting Adjourned.