Proposed Agenda for 16 July 09 XACML TC Meeting:
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998
Note: GeoXACML Presentation Today: See Details Below
10:00 - 10:05 Roll Call & Approve Minutes
2 July 2009 TC Meeting
http://lists.oasis-open.org/archives/xacml/200907/msg00004.html
Erik Rissanen
Paul Tyson
Bill Parducci
Rich Levinson
Hal Lockhart
Seth Proctor
David Staggs
Duane DeCouteau
Gareth Richards
Guest: Jan Herrmann
Have quorum
10:05 - 10:15 Administrivia
Discuss Agenda: As normal, issues are below: unless there are items that
need immediate attention, it is suggested that, aside from announcements,
we delay issues until next time and proceed with the presentation.
Concordia/Catalyst - Identity Workshop (July 27, San Diego)
http://projectconcordia.org/index.php/Catalyst_pre-conference_workshop_agenda
http://lists.oasis-open.org/archives/xacml/200907/msg00005.html
Concordia/Catalyst - July 27-31 (San Diego) -
Invite for informal get-together for TC members and others
http://lists.oasis-open.org/archives/xacml/200906/msg00024.html
Open Document Format for Office Applications Document Controls Profile
(09-06-26-proposal00079) uploaded
http://lists.oasis-open.org/archives/xacml/200907/msg00003.html
Export Control - U.S. (EC-US)
(xacml-3.0-ec-us-v1-spec-cd-01-en.doc) uploaded
http://lists.oasis-open.org/archives/xacml/200907/msg00006.html
XSPA Profile of XACML v2.0 for Healthcare
(xacml-xspa-1 0-cd04.doc) uploaded
http://lists.oasis-open.org/archives/xacml/200907/msg00013.html
TBD: TC authorize a vote to promote the Committee
Draft with these edits to Committee Specification
Take vote for Mary to create a ballot
TC agrees chgs not substantive
David moves chgs not substantive and that electronic
vote
Duane seconds
No discussion
Any objections to unanimous consent
Erik: any refs that need updating
Hal: no other docs refer to this, does this refer to others
amend to say we will adjust refs to point to updated refs
at time of release.
Dave amends
Duane seconds
Any objections for ballot w amendment
No objections
It carries
10:15 - 11:00 Presentation
(As indicated at last TC mtg/minutes, we have invited presenter.
Slides are available from link below, and TC members are advised
to review prior to presentation, so questions and comments
might be prepared in advance)
Jan Herrmann (Chair: GeoXACML SWG) will present and discuss:
Design Options for GeoXACML:
Access Control for OGC Web Services with (Geo)XACML
http://lists.oasis-open.org/archives/xacml/200906/msg00023.html
Updated presentation at:
http://lists.oasis-open.org/archives/xacml/200907/msg00016.html
Jan introduces xacml
slide 1 - Title/credits
slide 2 - introduce to ways OWS data represented/ pre/post
slide 3 - fine grain, content dependent, spatial, env-ctx-dep
slide 4-7 - examples of rules
slide 8 - pre process both req & rsp (i.e. ws rsp not pdp rsp)
slide 9 - hi level arch req/rsp both go thru pep
slide 10 - 2 approaches: attr-desig, attr-sel
slide 11 - attr-des; destroys structure, atomic data
slide 12 - ex shows attr-des probs, bldg objects ambiguities
generate coarse grain objects; lose ref info
slide 13 - also can't use w/o intro of lots of URNs
slide 14 - conclude attr desig not good enough
slide 15 - propose attr selector, no URNs,
no attr instantiate in PEP
conclude: need attr sel
another doc link on portal
slide 16-18 skipped; old web svc kvp encoding (not in new slides)
slide 19 - how to write rules
slide 20 - right side websvc response; need to apply rules
on what can be shown to user
slide 21 - xpath predicates; limited expressiveness for doing
comparisons etc.; filter not possible
slide 22 - mult/hier prof approach; pep gen global acdr, referring
to resources; res-id pts to root; scope is all
descendant nodes; pdp will derive ind requests;
scope deleted, not needed; prelim
slides in pres mode see ids changing
if all rules ref feature members don't need to go
down all tree branches
reg expr refer to featue member nodes; can use attr
selector;
slide 23 - summary of advantages: can use all xacml/geoxacml fcns;
flexible use of pointers;
performance; looks difficult but can be optimized
slide 24 - xpath expr analysis
slide 25 - xpath node match: same limits as attr-selector
slide 26 - summary capabilities of options
slide 27 - post processing limits
slide 28 - pre-process limits; object type: building, props: owner,
price, location; filter can't be used properly
slide 29/26 - pep adds obligation; query rewrite to backend by pep
slide 30/27 - advantages: avoid post processing issues; rewritten
queries guarantee filter data not returned
disadvantages; unexpected svc behavior
slide 31/28 - wfs lang does not allow filters; need to do 2nd ac step
slide 32/29 - both approaches have +,- depends on semantics of appl etc.
slide 30 (new only) - recommendation; order of params, etc
new "category" of attrs action/res combo?
attr bags
slide 31 (new only) - more recommendations - eng report is public
and we can review. hard to write chg requests; would
rewrite profiles completely; might be better to have
a web svc profile containing these two; more general
non-xml resources; so generic so many ways to read
profiles; should limit generality
if do geo profile; how to use underlying profiles
Erik: re: new p 78,66 Jan: allows element nodes gone;
Hal: we should discuss on list, possibly Jan can have another visit
after we have processed the info further and/or address
questions raised on list (TBD)
Hal: meeting adjourned 11:20
10:15 - 11:00 Issues (propose to postpone discussion until next mtg)
relax-ng grammar for xacml
http://lists.oasis-open.org/archives/xacml/200907/msg00002.html
XSPA Profile of XACML v2.0 for Healthcare / Action Item from 2-Jul-09
(has updated attached spreadsheet)
http://lists.oasis-open.org/archives/xacml/200907/msg00009.html
x.500 (new concerns on same issue from prev mtgs)
http://lists.oasis-open.org/archives/xacml/200907/msg00010.html
Comments on: Open Document Format Office Appl Controls Profile
http://lists.oasis-open.org/archives/xacml/200907/msg00012.html