OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes 10 March 2011 TC Meeting

    Posted 03-10-2011 18:42
    I. Roll Call

    Voting Members
      Hal Lockhart (Chair)
      Bill Parducci (Co-Chair, minutes)
      Erik Rissanen
      Paul Tyson
      Doron Grinstein
      Gregory Neven IBM
      Franz-Stefan Preiss
      Anthony Nadalin
      Rich Levinson
      John Tolbert
      David Staggs
      Abbie Barbir

    Quorum met: (85% per Kavi)

    I. Roll Call & Approve Minutes:
      24 February 2011 TC Meeting (Updated): APPROVED unanimously

    II. Administrivia

    Time Change
      The time change in the US is scheduled for Sunday 13th, however the EU is scheduled for the 27th. The next call will be "1 hour earlier" for EU participants.

    F2F
      The TC will not meet during the ID Trust meeting timeframe. The Chairs wish to continue soliciting locations/dates to accommodate a F2F in the Spring.

    ITU-T
      Hal noted posting links of interest for ITU-T to list. Abbie will review within the next week.

    W3C Privacy/Trust Work
      Paul asked if Hal is still in contact with W3C, since he has noticed there seems to be an interest in that organization looking for a privacy language. Hal noted that he is not aware of any directly related policy work.

    III. Issues

    Attribute Assertions in XACML request
      Greg is writing first draft of a schema and sample files to post to the list. The proposal contains text that is profile-like. The aim is to post sometime next week for review.

      Current work on using Obligations to address attributes, in particular how FulfillOn is applied, is being considered. The desire is to have Obligations thrown even when Indeterminate is encountered.

      Paul offered that he is uncomfortable with using Obligations as a general communication mechanism. Paul suggested that creating a unique namespace may allow for this in the response.

      Greg will start a thread on the list to discuss the Use Case and open discussion.

    Sticky Policies
      Hal introduced the topic of sticky policies: policies that are signed and attached to the data. He suggested that a Profile may be constructed to solve this problem using XACML.

      Paul offered that the spec lacks a way to "point directly" to a resource (stateless reference only). Paul offered to develop some Use Cases to demonstrate this.

      Rich asked Hal to post this concept to the list.

    Conformance Tests
      Doron described his conversion of XACML v2 to XACML v3 work that has been posted to the bitKoo site. Hal requested that we need to get a version of the tests into the OASIS svn repository.

      Doron proposed a vetting process to allow a broader audience to participate. Hal requested a proposal on how to do this. Doron will work with Bill to come up with a proposal.

      Paul noted that the TC needs to address the uniqueness of Policy IDs as part of this. Paul will work with Doron and Bill on the proposal to address this.

    Meeting adjourned.