OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes: 8-Nov-07 XACML TC meeting

    Posted 11-09-2007 03:07
    Note "->" points at action items along the way:
    
    1 Roll Call:
    
       Voting Members:
        Erik Rissanen
        Rich Levinson
        Anil Saldhana
        Seth Proctor
        David Staggs
        Bill Parducci
        Prateek Mishra
    
       Others
        Dee Schur
        Prasad Rh... (securent) (apologies: difficult connection to get name)
    
    2 Administrivia:
    
      Minutes from 25-Oct-07: vote on approval delayed until next mtg due to tech
        logistic difficulties establishing quorum.
    
      Review plans for RSA 2008:
    
        Dee sent out email w proposed scenarios just prior to meeting:
           http://lists.oasis-open.org/archives/xacml/200711/msg00005.html
    
        Discussion:
           Dee: memo provides scenarios, has been working on it w David, Dee said Tony
                looked at it and was comfortable. Prateek has comments - Dee thinks can work
                w Liberty.
           Dee,Dave: scenarios can be modified and refined; Dave will do ongoing scenario
              work.
           Prateek,Dee,Dave: identify gaps w privacy etc. that IGF Liberty is addressing:
              http://lists.oasis-open.org/archives/xacml/200711/msg00006.html
           Dave: there is context article from 2005 on xacml tc home page list of refs using
    ->      xacml for privacy controls - Dave will put specifics in an email to tc so people
              know what and where to look for this and other supporting info.
           Rich, Anil: what's really needed for participants to evaluate is a proposed set of
              actual messages that would be exchanged identifying details that will be brought
              out in proposed demo. i.e. the high level sketch is not enough - participants need
              to know, similar to the Burton Interop, structurally what the message exchange
              and capabilities of xacml that will be utilized.
           Anil: interested in applicability of xacml, rather than emphasizing privacy, focus on
              general health care industry.
           Dee: doesn't want it too broad. Is interested in focusing on privacy and applicability
              to other vertical industries. i.e. health care is example, but privacy is broad concern
              to other industries - i.e. narrow capabilities w broad appeal, vs broad appl w
              narrow appeal
           Dee: needs to get closure because RSA space needs to be paid for
           Prateek: would like to see delta from last interop doc.
           Bill: looking at time critical - RSA needs scenario to review. Want to post a time
              and place for getting closure w the group.
    
      ->  Bill: propose call next Tue Nov 13 at 10 AM EST - will send out email.
    
      Call for papers: OASIS IDtrust
       Dee: Organization - used to be PKI forum
           http://lists.oasis-open.org/archives/xacml/200711/msg00002.html
         Associated w NIST symposium:
           http://lists.oasis-open.org/archives/xacml/200709/msg00015.html
    
    3 Issues
    
      Issue 87: CORE ERRATA: resource:xpath needs to be added in B.6,
        plus fix needed for 4.2.2 example - updated
        Rich sent out email describing issue w proposal for resolution:
           http://lists.oasis-open.org/archives/xacml/200711/msg00004.html
    
        Rich: bottom line: resource:xpath was left out of XACML 2.0 core defns
           in sec b.6. As a result there is great ambiguity how to interpret examples
           in core spec as raised by Niko in xacml-dev:
              http://lists.oasis-open.org/archives/xacml-dev/200710/msg00000.html
           If the suggested fix is agreed to, then there is minimal impact on core spec
           except some of the actual xpaths may need to be adjusted based on the
           resolution and Niko has indicated they have some errors w "/" usage that
           needs to be addressed in any case.
    
           Bottom line here is that this example is extremely critical for proper understanding
           of the core document, and when highly technical developers such as Niko get
           into the details, some key ambiguities and outright lack of any obvious way to
           interpret the whole collection of xpaths that permeate the examples is brought
           into question. Therefore, this really needs to be looked at and agreement
           reached and corrections applied.
    
     -> anyone interested in helping to resolve, please review issue 87 on wiki plus
           Rich's email above. Issue on wiki has links to other emails describing lots
           of details and multiple possible courses of actions. However, above email
           proposes a specific course of action that needs to be evaluated.
    
    4 Other business:
    
        Anil: saml group has been provided with focus on xml.org:
        Dee: don't need to be oasis member to participate in focus group.
           Idea is that a group "gathers" to be editors, submitters, etc.
           Dee is about to launch ID Trust area. - a place to interact
           w non-members. Carol Geyer is main overall coordinator.
           Address concerns about consolidation of info related to subject
           on xml.org web site:
    
              http://www.xml.org/