Minutes of XACML TC Meeting 13 September 2007
1 Roll Call
Attendees
Hal Lockhart (Co-chair)
Bill Parducci (Co-chair, minutes)
Erik Rissanen
Vernon Murdoch
Anthony Nadalin
Ron Williams
Rich Levinson
Prateek Mishra
Anil Saldhana
Seth Proctor
Vernon Murdoch
John Moehrke (Observer, GE)
Anil Tabbepla (Observer, Securent)
Quorum achieved (81% per Kavi)
2 Administrivia
Approval of Minutes
Vote on approval of 30 August TC meeting minutes
APPROVED: UNANIMOUS CONSENT
V3 Timing & Scope
Prateek discussed his concerns about the timeline for v3: given the recent interOp success, the velocity of changes could cause concern among vendors and adopters.
Ron offered that, since deployments are still in the early phases, introducing v3 earlier would affect fewer implementations.
Tony suggested that IBM is interested in seeing the TC move forward with key features and that moving forward when ready will be beneficial.
Hal noted that by the time v3 gets out v2 will have been out for about 3 years and some of the v3 features--delegation being notable--have been in demand for some time. Also, he noted that Delegation is an optional Profile, that v2 compatibility is being striven for and that the move to v3 may not be necessary for those that do not require Delegation.
Rich voiced concern that the changes in v3 span a number of areas across the specification, some of which are structural cleanup. He asked why the changes to the protocol are necessary to facilitate the new feature set.
Bill suggested that there has been considerable demand for Delegation in particular and that, while the TC should be mindful of the commercial implications of change, it is important that the TC focus on developing and publishing requested features in a timely manner.
Erik offered that Attribute Categories is a new concept and is therefore simply a feature addition. He also noted that Delegation was developed initially on top of the v2 schema and the complexity drove the move to make the changes in the current v3 Draft.
3 Issues
v2/v3 Compatibility
Erik discussed his research into v2/v3 compatibility. The results are that, in a v3 PDP that has mixed Policies, it is logically more feasible to internally downgrade a v3 request to v2 than to attempt to upgrade a v2 Policy to v3 (in batch or real time). He noted that there is a border case with XPath and that, if necessary, a manual configuration of the PDP's interpretation of the request can work through this.
Trusted Issuer
The TC discussed the implications of implicit/explicit Trusted Issuer in v3. After attempting to frame the issue into discrete choices, Erik offered to post the options for dealing with this to the list.
Obligations
Rich asked if Working Draft 1 contained all current work and if it replaced Obligations in the current schema. Erik confirmed that it did and that the proposed solution is compatible with v2 Obligations.
Meeting adjourned.