OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes of XACML TC Meeting 30 August 2007

1  Roll Call & Minutes
     Attendees
      Hal Lockhart (Co-chair)
      Bill Parducci (Co-chair, minutes)
      Erik Rissanen
      Anthony Nadalin
      Seth Procter
      Ron Williams
      Anil Saldhana
      David Staggs
      Anil Tabbepla (Observer, Securent)

      Quorum achieved (72% per Kavi)

    Approval of Minutes
     Vote on approval of 16 August TC meeting minutes
     APPROVED: UNANIMOUS CONSENT

2  Administrivia

    Editorial update Drafts uploaded and contain the latest approved
    changes.

    XACML v3.0 timing
    -----------------
    Hal offered that the TC should consider
    incorporating the broader scope of features discussed by the TC
    and not releasing a delegation centric release given the effects
    and effort associated with a release. The general consensus of the
    TC is that the list of outstanding issues be reviewed individually,
    Champions defined and the final cutoff list for v3 be made by the
    next meeting.

    Erik offered that the Issues list be split between a v3 list and a
    post 3.0 list to keep things cleaner. Numbering will remain the
    same.

    Hal noted that he will be attending the Jericho Forum in September.

    Rich posted his Summary on the Interop to the list for review.

3  Issues

    #12 Erik suggested that generalized Obligations be withdrawn because
        from 3.0 because there wasn't activity by others on the list.
        Hal voiced interest in reengaging the topic within the TC.

    #23 Hal stated that this work in progress.

    #62 Hal stated that this work in progress.

    #66 Rich discussed how "missing attributes" was not well adopted
        during the Interop and that this area needs better definition
        to be applicable--normative definition.  Seth offered to assist
        with creating documentation to address usage/implementation
        patterns.

    #67 This requires Xpath expertise. The TC is looking for someone

    #71 Hal will evaluate possible solutions and comeback to the TC with
        a proposal or suggestion to defer.

    #72 The issue of where policies supplied in a 3.0 XACML-SAML access
        request end up in the PDP in relation to other policies already
        present in the PDP is currently not specified. Erik will work on
        a proposal for this.

    #75 Rich will evaluate this issue and comeback to the TC with a
        proposal or suggestion to defer.

    #76 	Hal and Erik will evaluate this issue and come back to the TC
         with a proposal or suggestion to defer.

    Trusted Issuer
    --------------
    Erik offered that this is not necessary because its
    use is not clear and adds undue complexity. Hal offered that the the
    TC hold off making this change and give the members a chance to
    consider this for a few weeks before removing. Erik also offered
    that the trusted issuer be required (he will post a note on this to
    the list.)

    V2 Compatibility
    ----------------
    Hal voiced concern about how providing backward compatibility
    affects acceptance and adoption of a new specification. Attribute
    selectors do not have a mechanism for compatibility so Hal was
    willing to concede that v3 would not be compatible with v2 attribute
    selection mechanisms.

    Seth asked for clarification on the normative requirements of
    "compatibility". The general consensus is that this issue is limited
    to the changes in XPath expressions with respect to the Context
    Handler.

    The TC needs to agree on how to limit the scope of the required 2.0
    compatibility. The current draft spec has a normative requirement  
which
    is believed to be impossible to implement fully.

    V3 "Diff" Documentation
    -----------------------
    Rich is working to compile a delta between v2 and v3 features. Erik
    offered to review this directly with him.

meeting adjourned.

I have promised to look at #67, but was out of town/time recently.
Whatever language we come up with - I should probably review it on the
XPath working group - we have a face to face in early October.  They are
usually very helpful with reviewing standards referencing XPath/XQuery.

Daniel;



                                                

					
                                                    

        
                                                
				
                                                

                                                    
                                                        
                                                        Original Message
                                                
                                                Original Message-----
From: bill parducci [mailto:bill@parducci.net] 
Sent: Thursday, August 30, 2007 9:26 AM
To: XACML TC
Subject: [xacml] Minutes of XACML TC Meeting 30 August 2007

Minutes of XACML TC Meeting 30 August 2007

1  Roll Call & Minutes
     Attendees
      Hal Lockhart (Co-chair)
      Bill Parducci (Co-chair, minutes)
      Erik Rissanen
      Anthony Nadalin
      Seth Procter
      Ron Williams
      Anil Saldhana
      David Staggs
      Anil Tabbepla (Observer, Securent)

      Quorum achieved (72% per Kavi)

    Approval of Minutes
     Vote on approval of 16 August TC meeting minutes
     APPROVED: UNANIMOUS CONSENT

2  Administrivia

    Editorial update Drafts uploaded and contain the latest approved
    changes.

    XACML v3.0 timing
    -----------------
    Hal offered that the TC should consider
    incorporating the broader scope of features discussed by the TC
    and not releasing a delegation centric release given the effects
    and effort associated with a release. The general consensus of the
    TC is that the list of outstanding issues be reviewed individually,
    Champions defined and the final cutoff list for v3 be made by the
    next meeting.

    Erik offered that the Issues list be split between a v3 list and a
    post 3.0 list to keep things cleaner. Numbering will remain the
    same.

    Hal noted that he will be attending the Jericho Forum in September.

    Rich posted his Summary on the Interop to the list for review.

3  Issues

    #12 Erik suggested that generalized Obligations be withdrawn because
        from 3.0 because there wasn't activity by others on the list.
        Hal voiced interest in reengaging the topic within the TC.

    #23 Hal stated that this work in progress.

    #62 Hal stated that this work in progress.

    #66 Rich discussed how "missing attributes" was not well adopted
        during the Interop and that this area needs better definition
        to be applicable--normative definition.  Seth offered to assist
        with creating documentation to address usage/implementation
        patterns.

    #67 This requires Xpath expertise. The TC is looking for someone

    #71 Hal will evaluate possible solutions and comeback to the TC with
        a proposal or suggestion to defer.

    #72 The issue of where policies supplied in a 3.0 XACML-SAML access
        request end up in the PDP in relation to other policies already
        present in the PDP is currently not specified. Erik will work on
        a proposal for this.

    #75 Rich will evaluate this issue and comeback to the TC with a
        proposal or suggestion to defer.

    #76 	Hal and Erik will evaluate this issue and come back to
the TC
         with a proposal or suggestion to defer.

    Trusted Issuer
    --------------
    Erik offered that this is not necessary because its
    use is not clear and adds undue complexity. Hal offered that the the
    TC hold off making this change and give the members a chance to
    consider this for a few weeks before removing. Erik also offered
    that the trusted issuer be required (he will post a note on this to
    the list.)

    V2 Compatibility
    ----------------
    Hal voiced concern about how providing backward compatibility
    affects acceptance and adoption of a new specification. Attribute
    selectors do not have a mechanism for compatibility so Hal was
    willing to concede that v3 would not be compatible with v2 attribute
    selection mechanisms.

    Seth asked for clarification on the normative requirements of
    "compatibility". The general consensus is that this issue is limited
    to the changes in XPath expressions with respect to the Context
    Handler.

    The TC needs to agree on how to limit the scope of the required 2.0
    compatibility. The current draft spec has a normative requirement  
which
    is believed to be impossible to implement fully.

    V3 "Diff" Documentation
    -----------------------
    Rich is working to compile a delta between v2 and v3 features. Erik
    offered to review this directly with him.

meeting adjourned.

Notice:  This email message, together with any attachments, may contain information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated entities,  that may be confidential,  proprietary,  copyrighted  and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.