Concordia telecon 1 Jul 2008
From Project Concordia
Attending
Eve Maler (Sun), Neil Meister (Micron), Mario Lischka (NEC Europe), Steve Coplan (The 451), Roger Sullivan (Oracle), Erik Rissanen (Axiomatics), Hal Lockhart (Oracle), Scott Cantor (Internet2), Jeff Hodges (Neustar), Mike Jones (Microsoft), Brett McDowell (Liberty), Wilfred Springer (TomTom), Prateek Mishra (Oracle), Colin Wallis (NZ SSC)
(We discovered that some people have inadvertently been dropped from the Concordia list, seemingly around June 19, when the subject-line keyword -- which before our May 2008 list hiccup had been [Concordia] and after it had been [Community] -- got switched back to [Concordia] again! Eve will send mail to likely communities of interest, asking people to double-check that they're subscribed. Brett will check on the source of this new email hiccup.)
Handling multiple work streams in Concordia
Discussion: how to handle multiple "work streams" in the Concordia community (x:30 to x:45 max). We've got roughly two work streams at the moment, and I'm not sure how much the sub-communities overlap. Should we have different call times in the future for the ongoing work? Should we accommodate all the topics in a single telecon stream? Who would like to champion the different areas?
To answer these questions, it's helpful to know: What were the next steps coming out of the recent workshop? They included getting the final presentation from the U.S. Army, understanding what specifics (XACML and WS-Policy and other technologies) might be relevant, identifying where there are technology gaps, and finding a champion/community leader for this area.
The sentiment is to keep email and telecons as a single work stream, and to keep the time slot we have (even though we know it's not ideal for some active participants).
Right now, it seems that the initial pipeline of Concordia use cases is only maybe 1/3 full (possibly with Levels of Assurance discussions in the near future), so there's no particular burden in joining all the topics into a single work stream. People can attend for specific topic areas as their interests dictate.
Prateek agrees to run the July 15 call or alternatively cancel the call. (Roger and likely Hal are unavailable that day.)
InfoCard profile for SAML2
Quick check-in: Scott's InfoCard Profile for SAML2 (x:45 to x:50 max). Any input this community would like to offer to Scott as he carries this work forward in the SSTC? E.g., are the InfoCard portions technically accurate?
Scott's draft is here.
Essentially, this is an *assertion* profile for SAML2 that is intended for use with InfoCard. The work is continuing in the SSTC, so people should take a look and weigh in through the usual methods (either by participating in the SSTC or using the OASIS comment mechanism).
Policy and entitlement management workshop roundup
Report, discussion, and possibly an additional presentation: policy/entitlements workshop (x:50 to y:30)
Here is the Catalyst Concordia Policy Workshop 2008 page.
Gerry Gebel, Hal, Mike Beach, Serge Rousakov, and Neil Meister gave presos. We're still waiting to hear from the U.S. Army, for completeness. Specific use-case scenarios need to be spun out. This can help elucidate needs and gaps around XACML and WS-Policy usage.
Hal notes that the user presos didn't tend to mention any concerns about WS-Policy and WS-SecurityPolicy, so maybe it's early days for these technologies. Prateek feels the use cases found in the presos were very valuable.
Were other technologies discussed? The discussion was largely around existing access control problems, how to put together input into XACML exchanges, how to manage the policy environment, etc. It focused on the business problems of entitlements and authorization.
There was interest in pursuing content management vendors to see if they're interested in taking part.
The XACML TC pages would be helpful for finding resources about generalized administration delegation. Erik will post some handy pointers.
