OGSA-Authz WG Meeting Notes Nov 13, 2003

Attending:
Olle Mulmo
Mary Thompson
Frank Siebenlist
Von Welch
Sam Meder
Rachana Ananthakrishnan
Takuya Mori
David Chadwick
Sassa Otenko
Markus Lorch

Side conversation regarding Von\'s latest changes to Authz interface
document

David:
 Am looking at changes now. Concerned they may make implementation
harder with opensaml.

On to main agenda item: Privilege attributes

VW: Markus, do you have suggestions on how to incorporate these?

Markus:
 1) Document scope as it is now, priv attrs as one type of attributes
 2) Just talk about description attributes
 
DC:
 Just talk about attributes generically
 Then have breakout documents specify document type, DAC, MAC, RBAD,
Admin

VW:
 Could we think of these things as being in the policy documents

ML: 
 Could, but I like to think of them as attributes

Long discussion followed. We seemed to reach general agreement on
privilge and descriptive attributes as a useful method of
characterization with conditions being something applicable to both.

[Additional comment from DC: another point we all agreed upon which needs to be captured, is that all attributes are asserted by someone (which could be yourself in the case of a target for example), and if you trust that someone, then the assertion becomes a fact (to you at least). Policy then defines rules/conditions for these facts (and assertions). ]

Markus and Mary will meet at SC and will generate new text for
attributes document to be discussed on next call.

Von will continue to update overview document as documents progress.

Von will out schedule phones calls for December. Will will not have a
call on 27th (Thanksgiving in US).

David raised issues about SAML authz possibly disappearing in SAML 2.0

VW: Have seen in 2.0 work items that it may get seriously
revamped. Don\'t think lots of folks are using it. Should solicit
opinion from Rebekah.

DC: Could GGF be a SAML member? Von will investigate.

Adjourn