OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes for 31 October 2013 TC Meeting


    Posted 10-31-2013 21:25
*******************************************
NOTE: new time for next XACML TC meeting (Nov 14, 2013) and onward:
    14:30 EST
    11:30 PST
    6:30 NZDT
*******************************************

Time: 16:30 EDT (GMT-0400)
Tel: 513-241-0892
Access Code: 65998

Minutes for 31 October 2013 TC Meeting

I. Roll Call & Minutes

  Voting Members
    Crystal Hayes
    Mohammad Jafari
    Steven Legg
    Rich Levinson
    Hal Lockhart (Chair)
    Bill Parducci (Chair)
    Remon Sinnema
    John Tolbert

  Voting Members: 8 of 10 (80%) (used for quorum calculation)

  bill: we have quorum

  Approve Minutes:
    17 October 2013 TC Meeting
    https://lists.oasis-open.org/archives/xacml/201310/msg00024.html

    hal: minutes approved unanimously; no objections heard

II. Administrivia

  Meeting Time Change 14 November 2013 ->
    from above minutes: scheduled time for XACML TC meeting starting 14 November 2013 to be:
      14:30 EST
      11:30 PST
      6:30 NZDT
    also: following 2 mtgs are cancelled for upcoming holidays:
      Canceled: 28 November 2013 XACML TC mtg
      Canceled: 26 December 2013 XACML TC mtg

  DLP-NAC profile uploaded:
    from minutes: John: We have asked for more concrete Use Cases to be inserted into the Profile to likewise give the TC tangible requirements against.
    https://lists.oasis-open.org/archives/xacml/201310/msg00027.html

    john: nextlabs has some use cases he is trying to include

  XACML v3.0 Related and Nested Entities Profile Version 1.0 uploaded
    https://lists.oasis-open.org/archives/xacml/201310/msg00028.html

    comments:
      john: https://lists.oasis-open.org/archives/xacml/201310/msg00029.html
      steven: https://lists.oasis-open.org/archives/xacml/201310/msg00030.html
      mohammad: https://lists.oasis-open.org/archives/xacml/201310/msg00031.html
      steven: https://lists.oasis-open.org/archives/xacml/201310/msg00035.html
              https://lists.oasis-open.org/archives/xacml/201310/msg00036.html
      john: https://lists.oasis-open.org/archives/xacml/201310/msg00038.html

    steven: follow-up to attrs of rels thread:
      addresses attribute flattening moved more from programmatic to declarative representation normally interested in boolean result conditions: improve syntax also returning obls
      went thru doc section by section:
        2 Quantified Expressions
          2.1 ForAny Expression
          2.2 ForAll Expression
          2.3 Map Expression
          2.4 Select Expression
        3 The Entity Data-type
          3.1 Examples of Entity Values (non-normative)
        4 Functions
          4.1 The attribute-designator function
            4.1.1 Example (non-normative)
          4.2 The attribute-selector function
          4.3 The entity-one-and-only function
          4.4 The entity-bag-size function
          4.5 The entity-bag function
        5 Examples (non-normative)
          5.1 Matching Values in a Bag
          5.2 Access Subject Relationships
          5.3 Table-driven Policy Expression
            5.3.1 Table-driven Policy Expression Using XACML Attributes
            5.3.2 Table-driven Policy Expression Using XML

    hal: comments?
    john: namespace collisions? canonicalization things? is there issue, for example w attrs defined in ipc profile?
    hal: in mathematics: range is input allowed, domain is output allowed
    hal: members should review in detail and next mtg we should have substantive discussion

  Request / Response Interface based on JSON and HTTP for XACML 3.0 Version 1.0
    15-day public review announced:
    https://lists.oasis-open.org/archives/xacml/201310/msg00032.html

    hal: may want to progress for CS at next call then send as part of group

  XACML MAP Authorization Profile WD3 uploaded
    https://lists.oasis-open.org/archives/xacml/201310/msg00034.html

    hal: update to profile
    john: should be final iteration for wd; looking to move toward csd and pub rev.

  additional item: possible interop (dept homeland security):
    john: xacml interop: martin smith: washington dc; looking to see if members willing to re-run rsa demo;
    hal: people could do over internet; vs rsa where people are already there, so attractive for vendors
    john: govt looking to make this public event in govt-specific manner, maybe 3-4 months after 1st of year
    hal: there were issues raised last summer outside tc and is that something that needs to be addressed
    john: symantec may have some interest in participating
    hal: had offline disc w bill on 80/20 dialect of xacml, maybe that might drive adoption more
    john: please notify if there is interest
    hal: john will post more details to list
    john: will post at time tbd; still discussing w other parties

III. Issues

  RuleID (question: additional comments since last mtg)
    hal: https://lists.oasis-open.org/archives/xacml/201310/msg00037.html
    hal: only used in combining algs for policies, only have to be unique within policy
    rich: ruleid defn as string in xsd, vs other id's that are anyURI

  IP Address comparisons:
    from minutes: ACTION ITEM: Hal will write up some example functions for comparison to begin discussion.
    https://lists.oasis-open.org/archives/xacml/201310/msg00011.html

    hal: will try for next mtg to post

IV. Other business:

  meeting adjourned 5:12 PM EDT

  note: new time for next meeting and onward: 14:30 EST

--
Thanks,
Rich

Rich Levinson
Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive
Burlington, Massachusetts 01803