Attendees:
Markus Lorch
Andrew McNab
Leon Gommans
Frank Siebenlist
Bob Cowles
Rich Baker
Mary Thompson
Jim Basney (secretary)

Call Summary:

New draft sections for the framework document, as assigned last week, have been sent to the mailing list, except 4.2 (Dane) and 4.6 (Rich). Many of the sections arrived close to the start of the call, so most attendees hadn't read them and the discussion was mostly postponed. Andrew will do some work on the requirements section this week. Bob will bring the sections together into a single document and distribute that to the mailing list on Thursday. Then we'll have a section-by-section review on the mailing list. We'll have a call next week at the same time.

Call Minutes:

Some new sections were sent out to the mailing list just before the call, so most attendees didn't get a chance to read them. Dane's section hasn't arrived. Rich hasn't written 4.6 yet.

Section 5 could go into an appendix? Then make the summary a section 5. Put classification in section 5 but move discussion of specific technologies to the appendix.

Need to go back to section 2 to clarify terms and make sure they're used consistently. Service provider combines authority and resource. Subject and Attribute Authority. Resource and Resource Authority. Policy and Policy Authority.

Question about the definition of service provider. Is it the resource? What if the resource is distributed? Need to differentiate between the entity providing the service vs. the entity providing the resource? Is it an agent model? A single authority in front of multiple resources? No. There is probably a site authority (multiple resources at a site), a resource authority (example: disk), and an authority for a file (for example).

Policy authority vs. resource authority. Are they the same thing? Policy Authority, Resource Authority, and Environment Authority target different granularities or levels in the resource hierarchy but are generally the same thing.

In XACML, there's a policy set that defines how individual policies are combined. For example, site policy and resource policy are combined. They don't exist as a single source document. You need a way to understand why the request failed. Which policy failed? A hard thing to do. You don't want to reveal too much information because an attacker can probe the policy.

In section 4.5, the policy language/algorithm is application dependent. Has anyone looked at W3C language for privacy rules? We should. Related to the context section. IBM Zurich has done some work on policy privacy languages.

Meaning of application-independent in dispute. Markus sent mail about it to the list.

Andrew will work on the requirements section. Will refer to Site AAA discussion for requirements.

Please read the latest draft on the mailing list. Bob will have a version for review out on Thursday. Review on the mailing list, section by section, like the Site AAA group?

Andrew will run the call next week. Same time.
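The XACML point in the minutes above (site policy and resource policy combined by a policy set, with the failing policy hard to identify yet risky to disclose) can be sketched as follows. This is an added example, not code from the working group or from XACML itself: the policy names, request fields, rules and the simplified deny-overrides combination are assumptions made for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"
audit_log = logging.getLogger("authz.audit")  # operator-side channel only

@dataclass
class Policy:
    name: str                        # hypothetical policy identifier
    evaluate: Callable[[dict], str]  # returns one of the three decisions

def site_policy(req: dict) -> str:
    # Constructed rule: the site admits only two virtual organisations.
    return PERMIT if req["vo"] in {"atlas", "cms"} else DENY

def disk_policy(req: dict) -> str:
    # Constructed rule: applies to disk1 only, and allows reads only.
    if req["resource"] != "disk1":
        return NOT_APPLICABLE
    return PERMIT if req["action"] == "read" else DENY

POLICY_SET = [Policy("site", site_policy), Policy("resource:disk1", disk_policy)]

def combine_deny_overrides(policies, req) -> Tuple[str, Optional[str]]:
    """Simplified deny-overrides: any Deny wins; also report which policy denied."""
    permitted = False
    for policy in policies:
        decision = policy.evaluate(req)
        if decision == DENY:
            return DENY, policy.name
        permitted = permitted or decision == PERMIT
    return (PERMIT if permitted else NOT_APPLICABLE), None

def authorize(req: dict, policies=POLICY_SET) -> Tuple[dict, dict]:
    """Return (response for the requester, audit record for the operator)."""
    decision, denied_by = combine_deny_overrides(policies, req)
    record = {"subject": req["subject"], "resource": req["resource"],
              "action": req["action"], "decision": decision,
              "denied_by": denied_by}
    audit_log.info("authz %s", record)
    # Default deny: anything other than Permit is refused, and the requester
    # gets the same opaque answer whichever policy caused the refusal.
    return {"allowed": decision == PERMIT}, record
```

The administrator reads `denied_by` from the audit record to learn which policy failed, while the requester's response carries nothing that distinguishes a site refusal from a resource refusal.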
/public/users/mlorch/Grid-AuthZ/Telecon Minutes 2003-05-27
Last modified 6/24/03 12:49 PM by mlorch