OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  EIC 2012 - representing the XACML TC

    Posted 04-09-2012 16:12
    Dear all, As Rich pointed out, I volunteered to represent the TC at EIC in Munich in a fortnight. If there is particular work items you would like to put forward, please do let me know. If there are upcoming XACML events you want me to mention, please do tell me as well. Kind regards, David. On Mon, Apr 9, 2012 at 6:04 PM, rich levinson < rich.levinson@oracle.com > wrote: Time: 13:00 EDT (GMT-0400) Tel: 513-241-0892 Access Code: 65998 Minutes for 5 April 2012 TC Meeting: (2nd update w 2nd attendance correction)  Thanks to Danny Thorpe of Quest Software for collecting   the details that are used as the basis for these minutes. I  Roll Call Voting Members        Crystal Hayes   The Boeing Company        Richard Hill    The Boeing Company        Rich Levinson   Oracle        Hal Lockhart    Oracle        Bill Parducci   Individual        Remon Sinnema   EMC        Danny Thorpe    Quest Software        John Tolbert    The Boeing Company        Paul Tyson      Bell Helicopter Textron Inc. Members        Erik Rissanen   Axiomatics   Approve Minutes:   Since no quorum at Mar 22 mtg, still need to approve Mar 8 minutes:   8 March 2012 TC Meeting     http://lists.oasis-open.org/ archives/xacml/201203/ msg00006.html   22 March 2012 TC Meeting     http://lists.oasis-open.org/ archives/xacml/201203/ msg00014.html     Accepted minutes from prev 2 meetings.      No objections to unanimous consent. II. Administrivia   Speaking opportunity for XACML TC at European Identity Conf (EIC)    in Munich 17 April: Jane wanted to know by 3/30, but let's discuss    if any interest, then can find out if still available:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00015.html        dave broussard signed up for EIC speaking   XACML Core v3.0 WD-23 uploaded: still open issue as to what the    baseline for this rev is: i.e. did not seem to match w wd22.    See mtg minutes for more detail:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00014.html    original wd-23 notice:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00007.html        ready to vote to CSD wd23? (hal)        Recent diffs make it difficult to review changes,         need to discuss changes in identity wording (rich)        Typography issues need to be fixed prior to CSD?         (eric, ray fine without font changes)        Move to take wd23 to CSD (eric) seconded (ray)        Do cross references need to be updated now?          How did we do it last time?        Defer vote for CSD to next call to allow time to research,         address cross references        Urge everyone to review docs,         be prepared for CSD vote on next call   New item (rich): off list request rcvd from Oded Sofer of IBM    asking when XACML 3.0 expected to be released:     hal: indicated that while ind members may express their        opinions on projected dates, it is the TC process itself,        and the TC, as a whole, that determines the actual        schedule.     interested parties may refer to the OASIS Technical Committee        Approval Process to provide a basis for understanding where        in the process a specific spec is, and what remains for        its final approval:           http://www.oasis-open.org/ policies-guidelines/tc- process#standApprovProcess     also noted: do existing attestions need to reattest in light of         recent edits to spec? (rich, hal) - we will revisit this         as we move along in the process - no issues expected, but         it may be prudent to reissue the attestations referring to         the specific version being referred to. III. Issues   XACML Media Types (last mtg members asked to review the comments)   (Comment: Erik)   http://lists.oasis-open.org/ archives/xacml/201203/ msg00008.html        Ray to update document for next call        (john) no way to exchange request (collection of attributes)         without a compete decision request around it        How does PDP get all xacml attributes from, say, PIP?        (hal) Note recent proposal in SAML TC.        (john) could suffice, but can that handle non-subject attributes?        (john) Among the collection of media types defined,         there appears to be a gap        (hal) can be extended later        (ray) media types we have so far should be enough for         the REST profile   XACML Core v3.0 Comments   (Comment: Remon) also added comment in minutes about diagram     needs minor fix)   http://lists.oasis-open.org/ archives/xacml/201203/ msg00009.html   XACML v3.0 Open Items   Issues list:   http://lists.oasis-open.org/ archives/xacml/201202/ msg00001.html   Issue #3:  Combining Algorithm    general consensus is to create a separate Profile; erik to author     Eric posted a proposal for this comb alg as a separate profile.      Needs review.   Issue #4 Context Handler    update in latest draft wd-23: members should review   Issue #8 Schema Anomalies ("choice element" or "Policy w no Rules")     rich has action to post to wiki details of this issue and what      suggested action will be.        Meeting adjourned approx: 1:35        Next call April 19 ------------------------------ ------------------------------ --------- To unsubscribe, e-mail: xacml-unsubscribe@lists.oasis- open.org For additional commands, e-mail: xacml-help@lists.oasis-open. org -- Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics


  • 2.  Re: EIC 2012 - representing the XACML TC

    Posted 04-19-2012 14:51
      |   view attached
    Dear all, Just to give you a bit of feedback on the OASIS EIC workshop. I won't be on today's call due to prior commitments. The workshop went really well with a good intro by John Sabo of CA and Mike Small of Kuppinger Cole and then contributions from various TCs including OASIS's Identity in the Cloud TC, the Privacy Management Reference Model (PMRM) TC, and the XACML TC. In the slides I presented, I chose to introduce 3 possible ways authorization in the cloud could be tackled. I've attached the slides for your benefit. I think attendees were excited by the possibility of using context in authorization as well as having a single centralized point of management. Please find the slides attached. Cheers, David. On Mon, Apr 9, 2012 at 6:11 PM, David Brossard < david.brossard@axiomatics.com > wrote: Dear all, As Rich pointed out, I volunteered to represent the TC at EIC in Munich in a fortnight. If there is particular work items you would like to put forward, please do let me know. If there are upcoming XACML events you want me to mention, please do tell me as well. Kind regards, David. On Mon, Apr 9, 2012 at 6:04 PM, rich levinson < rich.levinson@oracle.com > wrote: Time: 13:00 EDT (GMT-0400) Tel: 513-241-0892 Access Code: 65998 Minutes for 5 April 2012 TC Meeting: (2nd update w 2nd attendance correction)  Thanks to Danny Thorpe of Quest Software for collecting   the details that are used as the basis for these minutes. I  Roll Call Voting Members        Crystal Hayes   The Boeing Company        Richard Hill    The Boeing Company        Rich Levinson   Oracle        Hal Lockhart    Oracle        Bill Parducci   Individual        Remon Sinnema   EMC        Danny Thorpe    Quest Software        John Tolbert    The Boeing Company        Paul Tyson      Bell Helicopter Textron Inc. Members        Erik Rissanen   Axiomatics   Approve Minutes:   Since no quorum at Mar 22 mtg, still need to approve Mar 8 minutes:   8 March 2012 TC Meeting     http://lists.oasis-open.org/ archives/xacml/201203/ msg00006.html   22 March 2012 TC Meeting     http://lists.oasis-open.org/ archives/xacml/201203/ msg00014.html     Accepted minutes from prev 2 meetings.      No objections to unanimous consent. II. Administrivia   Speaking opportunity for XACML TC at European Identity Conf (EIC)    in Munich 17 April: Jane wanted to know by 3/30, but let's discuss    if any interest, then can find out if still available:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00015.html        dave broussard signed up for EIC speaking   XACML Core v3.0 WD-23 uploaded: still open issue as to what the    baseline for this rev is: i.e. did not seem to match w wd22.    See mtg minutes for more detail:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00014.html    original wd-23 notice:     http://lists.oasis-open.org/ archives/xacml/201203/ msg00007.html        ready to vote to CSD wd23? (hal)        Recent diffs make it difficult to review changes,         need to discuss changes in identity wording (rich)        Typography issues need to be fixed prior to CSD?         (eric, ray fine without font changes)        Move to take wd23 to CSD (eric) seconded (ray)        Do cross references need to be updated now?          How did we do it last time?        Defer vote for CSD to next call to allow time to research,         address cross references        Urge everyone to review docs,         be prepared for CSD vote on next call   New item (rich): off list request rcvd from Oded Sofer of IBM    asking when XACML 3.0 expected to be released:     hal: indicated that while ind members may express their        opinions on projected dates, it is the TC process itself,        and the TC, as a whole, that determines the actual        schedule.     interested parties may refer to the OASIS Technical Committee        Approval Process to provide a basis for understanding where        in the process a specific spec is, and what remains for        its final approval:           http://www.oasis-open.org/ policies-guidelines/tc- process#standApprovProcess     also noted: do existing attestions need to reattest in light of         recent edits to spec? (rich, hal) - we will revisit this         as we move along in the process - no issues expected, but         it may be prudent to reissue the attestations referring to         the specific version being referred to. III. Issues   XACML Media Types (last mtg members asked to review the comments)   (Comment: Erik)   http://lists.oasis-open.org/ archives/xacml/201203/ msg00008.html        Ray to update document for next call        (john) no way to exchange request (collection of attributes)         without a compete decision request around it        How does PDP get all xacml attributes from, say, PIP?        (hal) Note recent proposal in SAML TC.        (john) could suffice, but can that handle non-subject attributes?        (john) Among the collection of media types defined,         there appears to be a gap        (hal) can be extended later        (ray) media types we have so far should be enough for         the REST profile   XACML Core v3.0 Comments   (Comment: Remon) also added comment in minutes about diagram     needs minor fix)   http://lists.oasis-open.org/ archives/xacml/201203/ msg00009.html   XACML v3.0 Open Items   Issues list:   http://lists.oasis-open.org/ archives/xacml/201202/ msg00001.html   Issue #3:  Combining Algorithm    general consensus is to create a separate Profile; erik to author     Eric posted a proposal for this comb alg as a separate profile.      Needs review.   Issue #4 Context Handler    update in latest draft wd-23: members should review   Issue #8 Schema Anomalies ("choice element" or "Policy w no Rules")     rich has action to post to wiki details of this issue and what      suggested action will be.        Meeting adjourned approx: 1:35        Next call April 19 ------------------------------ ------------------------------ --------- To unsubscribe, e-mail: xacml-unsubscribe@lists.oasis- open.org For additional commands, e-mail: xacml-help@lists.oasis-open. org -- Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics -- David Brossard, M.Eng, SCEA, CSTP VP Product Marketing & Customer Relations +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics Attachment: OASIS XACML EIC 2012.pdf Description: Adobe PDF document

    Attachment(s)

    pdf
    OASIS XACML EIC 2012.pdf   733 KB 1 version


  • 3.  Re: [xacml] Re: EIC 2012 - representing the XACML TC

    Posted 04-20-2012 13:48
    I can tell that David did a good job presenting xacml.  I was present there. On 04/19/2012 09:50 AM, David Brossard wrote: Dear all, Just to give you a bit of feedback on the OASIS EIC workshop. I won't be on today's call due to prior commitments. The workshop went really well with a good intro by John Sabo of CA and Mike Small of Kuppinger Cole and then contributions from various TCs including OASIS's Identity in the Cloud TC, the Privacy Management Reference Model (PMRM) TC, and the XACML TC. In the slides I presented, I chose to introduce 3 possible ways authorization in the cloud could be tackled. I've attached the slides for your benefit. I think attendees were excited by the possibility of using context in authorization as well as having a single centralized point of management. Please find the slides attached. Cheers, David. On Mon, Apr 9, 2012 at 6:11 PM, David Brossard < david.brossard@axiomatics.com > wrote: Dear all, As Rich pointed out, I volunteered to represent the TC at EIC in Munich in a fortnight. If there is particular work items you would like to put forward, please do let me know. If there are upcoming XACML events you want me to mention, please do tell me as well. Kind regards, David. On Mon, Apr 9, 2012 at 6:04 PM, rich levinson < rich.levinson@oracle.com > wrote: Time: 13:00 EDT (GMT-0400) Tel: 513-241-0892 Access Code: 65998 Minutes for 5 April 2012 TC Meeting: (2nd update w 2nd attendance correction)  Thanks to Danny Thorpe of Quest Software for collecting   the details that are used as the basis for these minutes. I  Roll Call Voting Members        Crystal Hayes   The Boeing Company        Richard Hill    The Boeing Company        Rich Levinson   Oracle        Hal Lockhart    Oracle        Bill Parducci   Individual        Remon Sinnema   EMC        Danny Thorpe    Quest Software        John Tolbert    The Boeing Company        Paul Tyson      Bell Helicopter Textron Inc. Members        Erik Rissanen   Axiomatics   Approve Minutes:   Since no quorum at Mar 22 mtg, still need to approve Mar 8 minutes:   8 March 2012 TC Meeting     http://lists.oasis-open.org/archives/xacml/201203/msg00006.html   22 March 2012 TC Meeting     http://lists.oasis-open.org/archives/xacml/201203/msg00014.html     Accepted minutes from prev 2 meetings.      No objections to unanimous consent. II. Administrivia   Speaking opportunity for XACML TC at European Identity Conf (EIC)    in Munich 17 April: Jane wanted to know by 3/30, but let's discuss    if any interest, then can find out if still available:     http://lists.oasis-open.org/archives/xacml/201203/msg00015.html        dave broussard signed up for EIC speaking   XACML Core v3.0 WD-23 uploaded: still open issue as to what the    baseline for this rev is: i.e. did not seem to match w wd22.    See mtg minutes for more detail:     http://lists.oasis-open.org/archives/xacml/201203/msg00014.html    original wd-23 notice:     http://lists.oasis-open.org/archives/xacml/201203/msg00007.html        ready to vote to CSD wd23? (hal)        Recent diffs make it difficult to review changes,         need to discuss changes in identity wording (rich)        Typography issues need to be fixed prior to CSD?         (eric, ray fine without font changes)        Move to take wd23 to CSD (eric) seconded (ray)        Do cross references need to be updated now?          How did we do it last time?        Defer vote for CSD to next call to allow time to research,         address cross references        Urge everyone to review docs,         be prepared for CSD vote on next call   New item (rich): off list request rcvd from Oded Sofer of IBM    asking when XACML 3.0 expected to be released:     hal: indicated that while ind members may express their        opinions on projected dates, it is the TC process itself,        and the TC, as a whole, that determines the actual        schedule.     interested parties may refer to the OASIS Technical Committee        Approval Process to provide a basis for understanding where        in the process a specific spec is, and what remains for        its final approval:           http://www.oasis-open.org/policies-guidelines/tc-process#standApprovProcess     also noted: do existing attestions need to reattest in light of         recent edits to spec? (rich, hal) - we will revisit this         as we move along in the process - no issues expected, but         it may be prudent to reissue the attestations referring to         the specific version being referred to. III. Issues   XACML Media Types (last mtg members asked to review the comments)   (Comment: Erik)   http://lists.oasis-open.org/archives/xacml/201203/msg00008.html        Ray to update document for next call        (john) no way to exchange request (collection of attributes)         without a compete decision request around it        How does PDP get all xacml attributes from, say, PIP?        (hal) Note recent proposal in SAML TC.        (john) could suffice, but can that handle non-subject attributes?        (john) Among the collection of media types defined,         there appears to be a gap        (hal) can be extended later        (ray) media types we have so far should be enough for         the REST profile   XACML Core v3.0 Comments   (Comment: Remon) also added comment in minutes about diagram     needs minor fix)   http://lists.oasis-open.org/archives/xacml/201203/msg00009.html   XACML v3.0 Open Items   Issues list:   http://lists.oasis-open.org/archives/xacml/201202/msg00001.html   Issue #3:  Combining Algorithm    general consensus is to create a separate Profile; erik to author     Eric posted a proposal for this comb alg as a separate profile.      Needs review.   Issue #4 Context Handler    update in latest draft wd-23: members should review   Issue #8 Schema Anomalies ( choice element or Policy w no Rules )     rich has action to post to wiki details of this issue and what      suggested action will be.        Meeting adjourned approx: 1:35        Next call April 19