OASIS eXtensible Access Control Markup Language (XACML) TC

Minutes 13 April TC Meeting

    Posted 04-27-2017 20:38
    Time: 4:30 PM EST (-0400 GMT)
    Tel: 1-712-775-7031

    Minutes for 13 April 2017 TC Meeting

    I. Roll Call & Minutes

    Attendance

    Voting Members
      Hal Lockhart (Co-Chair)
      Bill Parducci (Co-Chair)
      Rich Levinson
      Steven Legg
      Martin Smith
      Mohammad Jafari

    Members
      David Brossard

    Quorum: YES. 5 of 7 (71%)

    Approve Minutes 30 March 2017: APPROVED

    II. Administrivia

    Hal: Richard Hill has notified me that he will no longer be able to participate in the TC.

    David: I co-presented and published an ACM paper on how to implement ABAC / XACML. It may be found here: http://dl.acm.org/citation.cfm?id=3041051

    III. Issues

    Errata Status

    Hal: I am going to walk through the document that I posted to the list: https://lists.oasis-open.org/archives/xacml/201704/msg00001.html
    The TC is encouraged to review and discuss the proposed actions before the next meeting.

    HL7 (Compound Attributes)

    David: I am interested if the TC has members interacting with the work on HL7...?

    Mohammad: I have. HL7 namespace health specific attributes are interoperable with XACML.

    Hal: Attributes, not types?

    Mohammad: Some of the attributes are of type HL7 descriptor. Is this done in the context of XSPA?

    David: I don't believe so.

    Hal: If that's the case, it would be interesting to learn about it. There is a precedent for this type of model with Geo XACML, requiring a custom set of functions to consume.

    Mohammad: I have been involved in some discussions on how to create flat attributes from compound domain specific types. Perhaps we should explore a normative way to accommodate complex attributes?

    Steven: Entities Profile allows you to process complex attribute types in XACML.

    Martin: Doesn't this create a problem delivering them in SAML?

    Hal: If these are complex XML types, they should be able to be passed around.

    Mohammad: It's not that it's non-standard, it's that there were no known implementations of handling complex attribute types.

    Hal: This should distill down to PDP support.

    Mohammad: I am not sure compressing complex attributes to XML strings will always lead to a deterministic result.

    Hal: For the record the most common implementation of SAML is SSO, without attributes. Any work with attributes and SAML is a 1% of implementations domain.

    Break the Glass

    Martin: There is a lot of interest in the Break the Glass scenario.

    Hal: We explored this years ago without resolution. There were some issues surrounding Obligations initiated via Undetermined responses if I recall.

    Martin: It seems like the solution should be fairly straightforward.

    Bill: A draft document was posted by David Chadwick on the XACML email list: https://lists.oasis-open.org/archives/xacml/201102/doc00000.doc

    Meeting adjourned.