Minutes of OASIS XACML TC meeting: 17-Jul-08
Time: 10:00 am EDT
Tel: 512-225-3050 Access Code: 65998
Proposed Agenda:
10:00 - 10:05 Roll Call & Minutes Approval
Vote on Minutes from 3 July TC Meeting (Corrected)
http://lists.oasis-open.org/archives/xacml/200807/msg00024.html
Roll call:
Voting:
Rich Levinson
Seth Proctor
Anil Saldhana
Erik Rissanen
Tony Nadalin
Bill Parducci
6 of 8 voting is quorum
Non-voting:
Anil Tappetla
Duane DeCouteau (gains voting status)
OASIS:
Jamie Clark
Minutes approval:
Corrected minutes of prev mtg (7/3) Approved.
10:05 - 11:00 Issues
Attribute Designator Parameters
http://lists.oasis-open.org/archives/xacml/200807/msg00008.html
Anil T.: plethora of attrs - fcns used by CH vs PDP.
Erik: doesn't think this level of detail in PDP, rather
in the CH part of env
Anil: concern about large number of config type attrs
Seth: agrees context handler PDP - retrieve attrs different
ways; arg for config details as part of policy, if can't
config ch w attr; interested in real world use case
Anil: can provide examples; possible
Seth: agrees w Erik that this is ch config info, not to be
in policy; why config something for individual attr?
Anil: ch config is separate issue
Seth: ch has to get parameter, where does it get helper info?
Anil: it is more than just ch issue
Seth: never come across use case why config for ch must be
part of policy
Anil: example sent out
Defer discussion to next meeting; get more input
#88 General Xpath functions
http://lists.oasis-open.org/archives/xacml/200807/msg00016.html
Erik: proposed by Craig - new fcns - gave up on export/import,
now proposing (should be 3.0) adding; couple open issues
do we need uri variance? should substring be able to
extract to end of string? case conversion of international
chars not easy
Bill: URI handling different from strings, regex matches etc.
- also value in neg index, chomping from back of string,
back of string is often valuable for access ctl;
no idea how to approach case sensitivity;
Erik: case conv complex;
Bill: maybe case conv too much;
Bill: edit spec w these additions,
Rich: what is xpath story on 3.0
Erik: this is just new fcns
Bill: more broad read
Bill: Erik will repost proposal; impls have to figure out
the case issue
Bill: maybe include 3 digit lang code?
Erik: maybe locale parameter added to string
Seth: Java used to be a little confused, but now locale-based
and can optionally specify locale.
Rich: maybe this is metadata similar to Anil's prev issue
on "helper parameters"
Seth: maybe default for whole policy; but this metadata
is how to read strings as opposed to prev issue that
was more explicit
Bill: is there problem raising locale to policy level attr?
Erik: diff attrs from diff locales
Bill: Erik will propose
Duration Data Types
http://lists.oasis-open.org/archives/xacml/200807/msg00017.html
Bill: this issue derived from something Seth originally
proposed?
Seth: maybe
Bill: could handle "today - 21 years > subj.birthday" type
discussion?
Erik: concerns that xacml incl data types that are restrictions
on data types, but does not incl more general type; inclined
to keep as is.
Erik: why not ymd instead of just ym
Bill: Seth's original note in 2003 - points out may or may not
solve other needs but didn't have any then; so probably
ok w what we have
XACML Typos/ ipAddress, dnsName functions
http://lists.oasis-open.org/archives/xacml/200807/msg00021.html
Erik: list of fcn identifiers in conformance section missing
items that are in text that defines fcns themselves-
probably typo; just add the "missing" identifier
Erik: other part - do we need set fcns for ip addr and other?
Bill: is regex match sufficient
Erik: 2 use cases: policy want to spec ip addr ok w regex
but do we want intersection of tags of ip addrs?
Probably not? scope?
Erik: just update missing identifiers but don't deal w
missing qualifiers