OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes TC Meeting 13 September 2007

    Posted 09-13-2007 15:36
    Minutes of XACML TC Meeting 13 September 2007
    
    1  Roll Call
        Attendees
          Hal Lockhart (Co-chair)
          Bill Parducci (Co-chair, minutes)
          Erik Rissanen
          Vernon Murdoch
          Anthony Nadalin
          Ron Williams
          Rich Levinson
          Prateek Mishra
          Anil Saldhana
          Seth Proctor
          Vernon Murdoch
          John Moehrke (Observer, GE)
          Anil Tabbepla (Observer, Securent)
    
          Quorum achieved (81% per Kavi)
    
    2  Administrivia
        Approval of Minutes
         Vote on approval of 30 August TC meeting minutes
         APPROVED: UNANIMOUS CONSENT
    
         V3 Timing & Scope
         Prateek discussed his concerns about the timeline for v3: given the
         recent interOp success, the velocity of changes could cause concern
         among vendors and adopters.
    
         Ron offered that the number of deployments is still in the early
         phases and that introducing v3 earlier would affect fewer
         implementations.
    
         Tony suggested that IBM is interested in seeing the TC move forward
         with key features and that moving forward when ready will be
         beneficial.
    
         Hal noted that by the time v3 gets out v2 will have been out for
         about 3 years and some of the v3 features--delegation being
         notable--have been in demand for some time. Also, he noted that
         Delegation is an optional Profile, that v2 compatibility is being
         striven for and that the move to v3 may not be necessary for those
         that do not require Delegation.
    
         Rich voiced concern that the changes in v3 span a number of areas
         across the specification, some of which are structural cleanup. He
         asked why the changes to the protocol are necessary to facilitate
         the new feature set.
    
         Bill suggested that there has been considerable demand for
         Delegation in particular and that, while the TC should be mindful of
         the commercial implications of change, it is important that the TC
         focus on developing and publishing requested features in a timely
         manner.
    
         Erik offered that Attribute Categories is a new concept and is
         therefore simply a feature addition. He also noted that Delegation
         was developed initially on top of the v2 schema and the complexity
         drove the move to make the changes in the current v3 Draft.
    
    3  Issues
         v2/v3 Compatibility
         Erik discussed his research into v2/v3 compatibility. The results
         are that it is logically more feasible to internally downgrade a v3
         request to v2 in a v3 PDP that has mixed Policies, rather than
         attempt to upgrade a v2 Policy to v3 (in batch or real time). He
         noted that there is a border case with XPath and that if necessary a
         manual configuration to the PDP's interpretation of the request can
         work through this.
    
         Trusted Issuer
         The TC discussed the implications of implicit/explicit Trusted
         Issuer in v3. After attempting to frame the issue into discrete
         choices Erik offered to post the options for dealing with this to
         the list.
    
         Obligations
         Rich asked if Working Draft 1 contained all current work and if it
         replaced Obligations in the current schema. Erik confirmed that it
         did and that the proposed solution is compatible with v2
         Obligations.
    
    Meeting adjourned.