[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Orlando kick-off meeting minutes

To: hrac-rfp@cs.fiu.edu
Subject: Orlando kick-off meeting minutes
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Thu, 18 Jun 1998 11:45:06 -0400 (EDT)
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-hrac-rfp@cs.fiu.edu

Hi, all

I've put together minutes of the last (and first :) meeting of all those who
are going to work on the response.

Konstantin

------------------------------------------------------------------------

HRAC RFP kick-off submitters meeting 

Date: June 9, 1998
Place: Caribe Royale, OMG TC meeting, Orlando
Time: 5PM -- 7PM

Minutes

o  Attended:
   - Bret Hartman          Concept Five   hartman@concept5.com
   - Bart deGreef          Philips        degreef@medgrid.philips.com
   - Jim Williams          MITRE          jgw@mitre.org
   - Greg Tally            TIS Labs @ NAI tally@tis.com
   - Dave Harkcom          TIS Labs       dharkcom@tis.com
   - Enrique Urzais        BHS            enriqueu@baptisthealth.net
   - John Burns            CyberGuard     jburns6395@aol.com
   - John Barkley          NIST           jbarkley@nist.gov
   - Wayne Wilson          University of  wwilson@umich.edu
                           Michigan Health
                           Center
   - Carol Burt            2AB            cburt@2ab.com
   - David Chizmadia       NSA            dmc@tycho.ncsc.mil
   - Konstantin Beznosov   BHSSF          beznosov@baptisthealth.net
   - Juggy                 CareFlow|Net   juggy@careflow.com
   - Bob Blakley           IBM            blakley@us.ibm.com
   
o  Attendances introduced themselves and described their interest in
   the work on the response.

o  Bob Blakley introduced the audience into the process of work on
   submissions to the OMG RFPs. He described how things are usually
   done in submitters teams. He explained the difference between an official
   submitter and supporter of a responce.
   
o  People from the four officially submitting companies (2AB, BHSSF,
   CareFlow|Net, IBM) gave their initial thoughts on the responses
   they wanted to submit.

   - Carol described an interaction view with the decision facility,
   rule cache and rule repository.

   - Bob sketched a possible object model that looked very similar to
   CORBASEC object model. He suggested to begin refinement process
   with this model and see if it will satisfy needed functionality
   and would provide rich enough rule language. Administration
   interface, i.e. rule management interface, was not discussed at
   this point.

   Konstantin made a comment that it makes sense to do refinement
   process by re-evaluating object model and administration interface
   in parallel (or going back and force) because the object model is
   what limits richness of the admin interface, and the admin
   interface defines how complex the object model has to be.

   - Konstantin talked about specifying only decision and
   administration interfaces without explicitly defining interface
   between rule repository and rule cache, or the object model
   "behind" the interfaces. Several people pointed out that an
   interface between the rule repository and rule cache instances are
   needed. Otherwise, the only way to manage decision facilities
   would be to administrate mutliple instances of the same
   interface, which would lead to a clumsy way of management such
   facilities. It is better to have one interface to administrate and
   to have rules to be replicated in some fashion across all instances
   of access decision facility (ADF).

   Bob pointed out that object model maybe not specified
   but at least identified to make sure that the specification is
   implementable and to be in a position to asses performance of
   potential implementations.

   Bob took an action item to make electronic picture of the model he
   described and send it to the submitters mail list (see below).
   
   - Juggy made a point that ideally an application service should
   not be responsible for enforcing access control at all, and thus
   all enforcement should be done on the level of interceptors, or
   some application wrappers. This means that application services
   should not "consult" such an access decision facility at all.
   Several people replied that this problem is out of scope of the
   RFP and that the intended facility can be "consulted" by any
   entity (interceptor, client, object, service, etc.) in the CORBA
   environment.

o  Representatives from official submitters agreed that their
   intended responses are similar, and it is beneficial for all of
   them to work together on the submission.

o  It was suggested to have conference calls every other week in
   order to have good progress in the work.

o  Konstantin gave information on the submitters mail list and
   directions how to subscribe to the list: send a message to
   <hrac-rfp-request@cs.fiu.edu> with phrase "subscribe [address]",
   where [address] is optional e-mail address in case sender's
   address is different from the one the sender wants to receive
   messages on.

o  The meeting adjured at this point.


o Action items:
   - Bob Blakley -- to send discussed object model to the submitters
   mail list in order it can be used as a starting point for the
   response.
   
   - Konstantin Beznosov -- to write the meeting minutes and send
   them to the mail list.
-------------------------------------------------------------------------   


----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.

Prev by Date: Re: teleconference call on the week of June 29 -- July 3
Next by Date: Re: Orlando kick-off meeting minutes
Prev by thread: Re: Resend: [CPR security policies at BHS]
Next by thread: Re: Orlando kick-off meeting minutes
Index(es):
- Date
- Thread