Time: 13:00 EDT
Tel: 513-241-0892 Access Code: 65998

Minutes for 19 May 2011 XACML TC Meeting:

I. Roll Call

Voting Members
  Erik Rissanen        Axiomatics
  Abbie Barbir         Bank of America
  Paul Tyson           Bell Helicopter Textron Inc.
  Doron Grinstein      BiTKOO
  David Choy           EMC
  Remon Sinnema        EMC
  Sridhar Muppidi      IBM
  Gregory Neven        IBM
  Franz-Stefan Preiss  IBM
  Jan Herrmann         Individual
  Bill Parducci*       Individual
  Anthony Nadalin      Microsoft
  Rich Levinson        Oracle
  Hal Lockhart         Oracle
  John Tolbert         The Boeing Company

Members
  David Brossard       Axiomatics

  hal: have quorum

& Approve Minutes: 5 May 2011 TC Meeting
http://lists.oasis-open.org/archives/xacml/201105/msg00022.html
  hal: minutes approved no objection

II. Administrivia
  hal: still meeting weekly, although skipped last week

"ITU-T Files of Interest" Update
  abbie: action from ITU-T - another month may need some assistance on technical editing

EIC 2011 award (European Identity Conference)
Announcement
http://lists.oasis-open.org/archives/xacml/201105/msg00032.html
Video
http://lists.oasis-open.org/archives/xacml/201105/msg00034.html
  hal: xacml won 3 awards; 1 major, 2 specific
       bitkoo, axiomatics both were giving demo
       general upsurge in interest

XACML v3.0 Webinar
http://lists.oasis-open.org/archives/xacml/201105/msg00029.html
  hal: no chgs; F2F: start talking details
  hal: not in calendar yet; scheduled 28-30 Jun in Lexington, MA, or/and Burlington, MA (1 exit away)

current working draft:

III. Issues Active on List

Indeterminate Policy Target handling
http://lists.oasis-open.org/archives/xacml/201105/msg00041.html
  hal: are there still
  rich: current algorithm requires input of decisions array
  erik: doesn't think evaluating children first should impact performance.
  hal: rich's position doesn't currently have any additional support, but can consider continuing discussion on a separate implementation strategy thread.
  erik: will continue working on preparing draft based on current state

Attribute Predicates: Attribute predicate Profile for SAML and XACML
http://lists.oasis-open.org/archives/xacml/201104/msg00080.html
  greg: posted doc to saml group; should we post a link to the saml draft
  hal: suggest posting the doc to our list as well
  greg: in summary; one attribute predicate per assertion; only one response; made details more specific; removed local and global variables; will crosspost doc;
  greg: there was question by Ray about authorization based access control; allows user of one domain to access resource of other domain; other domain will say whether ok, and avoids the need to agree on attributeIds;
  greg: policy on which decision is based will be hosted on same domain that resource is based.
  ray: agrees;
  greg: so then attrIds should be agreed? thing that threw off was paper said domains didn't have to agree on attr-ids
  ray: does not know exactly where the quote being questioned is in doc?
  greg: will provide info on that to list
  greg: needs feedback on predicate strategies; here is link to saml email that announced doc:
http://lists.oasis-open.org/archives/security-services/201105/msg00023.html

Specifying a specific associated Resource in a Policy (Sticky Policies)
http://lists.oasis-open.org/archives/xacml/201103/msg00012.html
  hal: would like people to look at this to determine what the reqts people see for sticky policies

New Issue: REST profile
  david (from axiomatics): would like to start discussing

  hal: any other issues? none for today
       next mtg may 26

IV. Carryover Issues (last posting listed)

XACML Metadata
http://lists.oasis-open.org/archives/xacml/201105/msg00004.html

Break The Glass Profile
http://lists.oasis-open.org/archives/xacml/201104/msg00082.html

Profile Examples (Hierarchy)
http://lists.oasis-open.org/archives/xacml/200910/msg00024.html

PIP directive (additional information directives)
http://lists.oasis-open.org/archives/xacml/201010/msg00005.html

Usage of status:missing-attribute in case of an AttributeSelector
http://lists.oasis-open.org/archives/xacml/201104/msg00003.html

"Web Friendly" Policy Ids