Note: Dee asked me to write this up, because she had tech problem w computer
and was not able to take full notes. These notes may have missed some
things,
in particular, on the attendance, if you were present and name not included,
please notify me and I will add it, also if anything left out, please
notify.
Note: after this message, I expect all RSA/Interop messages should go to
xacml-demo-tech and/or xacml-demo-mktg only, per OASIS rules for Interops
(note: I cc'd participants from calls that may not have been on prev interop
mail list - everyone should verify on list I will send out test mail to
xacml-demo-tech
only after this - if you don't get email titled "XACML follow up" then
please see if
you can get added to list at
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#feedback ):
OASIS Interop Rules:
http://www.oasis-open.org/who/interop_demo_policy.php
"7. To facilitate InterOp planning, OASIS staff will create one official
e-mail list for technical participants and a second list for marketing
contacts. Participants may subscribe to one or both lists if they wish.
Archives of these email lists will be accessible by OASIS members only.
In addition, Participants may choose to further restrict list access
only to OASIS staff and the Interop Participants."
The call was held on Thu, Dec, 13, 2007 at the regular conference call #/ID:
(605) 772-3100 505991#
Attendees included:
Hal Lockhart, BEA: Interop Lead / Moderator
Dee Schur, OASIS
Jane Harnad, OASIS
Howard Ting, Securent
Denis Pilipchuk, BEA
Erik Rissanen, Axiomatics
Dilli Dorai, Sun
Rich Levinson, Oracle
David Staggs, SAIC
John Moehrke, GE Healthcare
Others (if you were present and are not on list, please notify)
Logistics:
Location/Dates:
RSA Conference 2008
April 7-11, 2008
Moscone Center
San Francisco, CA
http://www.rsaconference.com/2008/US/Home.aspx
Jane: needs RSA payments soon, each company needs to fill out
registration form.
Dee: Current list of confirmed participants:
Axiomatics AB
BEA Systems
IBM
Oracle
Red Hat
Securent
Symlabs
Sun
Denis: will discounts be available for participants?
Dee:
- discount: participants get exhibitor's pass (does not get
into sessions - don't assume anything free based on Interop).
Speakers often get additional pass privileges.
OASIS members get 20-30% discount on regular admissions
- We have practice room on Sunday, April 6 to prepare for interop
- Everything needs to be ready to go on exhibition floor by
Monday PM
- Different mode than Burton: need to be operational all 5 days M-F
Hal: It should be considered a multi-vendor booth
Dave: it could be a meeting area, have lecture then go from there
Hal: does not think this model would work
Hal/Dee:
- We have 10x30 space rectangular: what we do inside is our decision
- Suggest run slide show on monitor
- Vendor systems will be connected by router to show multi-vendor
interoperability (as at Burton)
Interop technical details:
Rich: gave description of email and attachments (requires OASIS login):
http://www.oasis-open.org/archives/xacml-demo-tech/200712/msg00002.html
Denis: we need to remain flexible and place priorities on the use cases
Dilli: raised 2 issues for which a clarifying/expanded email was sent:
http://www.oasis-open.org/archives/xacml-demo-tech/200712/msg00005.html
1. not clear what standards used to interoperate (SAML-Profile?):
xacml-samlp:AuthzDecisionQuery (this was done at Burton).
xacml-samlp:XACMLPolicyQuery (was not done at Burton - will
need to discuss)
2. central repository or multiple repository (runtime policy
evaluation/obligations)
Hal/Denis: at Burton we had 1 set of policies and each vendor had
own private copy
we basically ran out of time for policy exchange, except by
export to file and import
from file, but did not use policy exchange protocol. That will
need to be revisited
and prioritized for RSA/Interop.
Next meeting:
Thu Dec 20, 2008, 11 AM (same number as above)
next 2 weeks (12/27/07, 1/3/08) will be no call, but expect email
exchanges
to continue as people available to keep momentum going and issues
addressed.