[Concordia] Notes from 1 Jul 2008 Concordia community call

Eve Maler Eve.Maler at Sun.COM
Tue Jul 1 14:13:31 EDT 2008 

== Attending ==

(Please alert me to any mistakes below!)

Eve Maler (Sun), Neil Meister (Micron), Mario Lischka (NEC Europe),  
Steve Coplan (The 451), Roger Sullivan (Oracle), Erik Rissanen  
(Axiomatics), Hal Lockhart (Oracle), Scott Cantor (Internet2), Jeff  
Hodges (Neustar), Mike Jones (Microsoft), Brett McDowell (Liberty),  
Wilfred Springer (TomTom), Prateek Mishra (Oracle)

(We discovered that some people have inadvertently been dropped from  
the Concordia list, seemingly around June 19, when the subject-line  
keyword -- which before our May 2008 list hiccup had been [Concordia]  
and after it had been [Community] -- got switched back to [Concordia]  
again!  Eve will send mail to likely communities of interest, asking  
people to doublecheck that they're subscribed.  Brett will check on  
the source of this new email hiccup.)

== Handling multiple work streams in Concordia ==

"Discussion: how to handle multiple "work streams" in the Concordia  
community (x:30 to x:45 max)

We've got roughly two work streams at the moment, and I'm not sure how  
much the sub-communities overlap.  Should we have different call times  
in the future for the ongoing work?  Should we accommodate all the  
topics in a single telecon stream?  Who would like to champion the  
different areas?"

To answer these questions, it's helpful to know: What were the next  
steps coming out of the recent workshop?  They included getting the  
final presentation from the U.S. Army, understanding what specifics  
(XACML and WS-Policy and other technologies) might be relevant, where  
are there technology gaps, and finding a champion/community leader for  
this area.

The sentiment is to keep email and telecons as a single work stream,  
and to keep the time slot we have (even though we know it's not ideal  
for some active participants).

Right now, it seems that the initial pipeline of Concordia use cases  
is only maybe 1/3 full (possibly with Levels of Assurance discussions  
in the near future), so there's no particular burden in joining all  
the topics into a single work stream.  People can attend for specific  
topic areas as their interests dictate.

Prateek agrees to run the July 15 call or alternatively cancel the  
call.  (Roger and likely Hal are unavailable that day.)

== InfoCard profile for SAML2 ==

"Quick check-in: Scott's InfoCard Profile for SAML2 (x:45 to x:50 max)

Any input this community would like to offer to Scott as he carries  
this work forward in the SSTC?  E.g., are the InfoCard portions  
technically accurate?"

Scott's draft is here:

http://www.oasis-open.org/committees/download.php/28626

Essentially, this is an *assertion* profile for SAML2 that is intended  
for use with InfoCard.  The work is continuing in the SSTC, so people  
should take a look and weigh in through the usual methods (either by  
participating in the SSTC or using the OASIS comment mechanism).

== Policy and entitlement management workshop roundup ==

Report, discussion, and possibly an additional presentation: policy/ 
entitlements workshop (x:50 to y:30)

Please see the workshop wiki page, and if you have further comments,  
don't hesitate to edit this page:

http://projectconcordia.org/index.php/Catalyst_Concordia_Policy_Workshop_2008

Gerry Gebel, Hal, Mike Beach, Serge Rousakov, and Neil Meister gave  
presos.  We're still waiting to hear from the U.S. Army, for  
completeness.  Specific use-case scenarios need to be spun out.  This  
can help elucidate needs and gaps around XACML and WS-Policy usage.

Hal notes that the user presos didn't tend to mention any concerns  
about WS-Policy and WS-SecurityPolicy, so maybe it's early days for  
these technologies.  Prateek feels the use cases found in the presos  
were very valuable.

Were other technologies discussed?  The discussion was largely around  
existing access control problems, how to put together input into XACML  
exchanges, how to manage the policy environment, etc.  It focused on  
the business problems of entitlements and authorization.

There was interest in pursuing content management vendors to see if  
they're interested in taking part.

The XACML TC pages would be helpful for finding resources about  
generalized administration delegation.  Erik will post some handy  
pointers.


Eve Maler                                         +1 425 947 4522
Principal Engineer                            eve.maler @ sun.com
Business Alliances group                    Sun Microsystems, Inc.

More information about the Community mailing list