Note "->" points at action items along the way:
1 Roll Call:
Voting Members:
Erik Rissanen
Rich Levinson
Anil Saldhana
Seth Proctor
David Staggs
Bill Parducci
Prateek Mishra
Others
Dee Schur
Prasad Rh... (securent) (apologies: difficult connection to get name)
2 Administrivia:
Minutes from 25-Oct-07: vote on approval delayed until next mtg due to tech logistic difficulties establishing quorum.
Review plans for RSA 2008:
Dee sent out email w proposed scenarios just prior to meeting:
http://lists.oasis-open.org/archives/xacml/200711/msg00005.html
Discussion:
Dee: memo provides scenarios, has been working on it w David, Dee said Tony looked at it and was comfortable. Prateek has comments - Dee thinks can work w Liberty.
Dee,Dave: scenarios can be modified and refined; Dave will do ongoing scenario work.
Prateek,Dee,Dave: identify gaps w privacy etc. that IGF Liberty is addressing:
http://lists.oasis-open.org/archives/xacml/200711/msg00006.html
-> Dave: there is context article from 2005 on xacml tc home page list of refs using xacml for privacy controls - Dave will put specifics in an email to tc so people know what and where to look for this and other supporting info.
Rich, Anil: what's really needed for participants to evaluate is a proposed set of actual messages that would be exchanged identifying details that will be brought out in proposed demo. i.e. the high level sketch is not enough - participants need to know, similar to the Burton Interop, structurally what the message exchange and capabilities of xacml that will be utilized.
Anil: interested in applicability of xacml, rather than emphasizing privacy, focus on general health care industry.
Dee: doesn't want it too broad. Is interested in focusing on privacy and applicability to other vertical industries. i.e. health care is example, but privacy is broad concern to other industries - i.e. narrow capabilities w broad appeal, vs broad appl w narrow appeal
Dee: needs to get closure because RSA space needs to be paid for
Prateek: would like to see delta from last interop doc.
Bill: looking at time critical - RSA needs scenario to review. Want to post a time and place for getting closure w the group.
-> Bill: propose call next Tue Nov 13 at 10 AM EST - will send out email.
Call for papers: OASIS IDtrust
Dee: Organization - used to be PKI forum
http://lists.oasis-open.org/archives/xacml/200711/msg00002.html
Associated w NIST symposium:
http://lists.oasis-open.org/archives/xacml/200709/msg00015.html
3 Issues
Issue 87: CORE ERRATA: resource:xpath needs to be added in B.6, plus fix needed for 4.2.2 example - updated
Rich sent out email describing issue w proposal for resolution:
http://lists.oasis-open.org/archives/xacml/200711/msg00004.html
Rich: bottom line: resource:xpath was left out of XACML 2.0 core defns in sec b.6. As a result there is great ambiguity how to interpret examples in core spec as raised by Niko in xacml-dev:
http://lists.oasis-open.org/archives/xacml-dev/200710/msg00000.html
If the suggested fix is agreed to, then there is minimal impact on core spec except some of the actual xpaths may need to be adjusted based on the resolution and Niko has indicated they have some errors w "/" usage that need to be addressed in any case.
Bottom line here is that this example is extremely critical for proper understanding of the core document, and when highly technical developers such as Niko get into the details, some key ambiguities and outright lack of any obvious way to interpret the whole collection of xpaths that permeate the examples is brought into question. Therefore, this really needs to be looked at and agreement reached and corrections applied.
-> anyone interested in helping to resolve, please review issue 87 on wiki plus Rich's email above. Issue on wiki has links to other emails describing lots of details and multiple possible courses of actions. However, above email proposes a specific course of action that needs to be evaluated.
4 Other business:
Anil: saml group has been provided with focus on xml.org:
Dee: don't need to be oasis member to participate in focus group.
Idea is that a group "gathers" to be editors, submitters, etc.
Dee is about to launch ID Trust area - a place to interact w non-members. Carol Geyer is main overall coordinator.
Address concerns about consolidation of info related to subject on xml.org web site:
http://www.xml.org/