[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HRAC conference call 6/30/98: minutes

To: hrac-rfp@cs.fiu.edu
Subject: HRAC conference call 6/30/98: minutes
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Tue, 30 Jun 1998 16:44:27 -0400 (EDT)
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-hrac-rfp@cs.fiu.edu

Below are the minutes of the HRAC RFP responce submission team (submitters and
supporters):

-------------------------------------------------------------------------------

1. bi-weekly conference calls
The calls will be held every other Tuesday starting 7/14/98 at 2:00 PM Eastern
time.
It is enough frequency as long as people work actively over e-mail and do their
homework.
Bob Blakley will have the call on 7/14/98 set up and possibly all other calls.
By default, the call on 7/28/98 will be skipped.

2. Submitters meeting in Helsinki
The following people from the team will be there: David, Bret, Carol, and
probably Konstantin. If there will be no quorum, most likely, the extended
outline of the response text will be discussed.

3. Submission text maintenance
Contributed text should be in ASCII, pictures in PDF. Bob Blakley will have his
secretary to maintain the text. Konstantin can volunteer his time for the text
maintenance when his company buys PageMaker.

4. Object model of the initial design
Bob will send by the end of the week (8/5/98) the sketch he presented in
Orlando to the mail list with initial interfaces in IDL.

5. Decision interface issues
- Konstantin raised the issue of using QoP properties of the request in access
decisions.
   QoP can be obtained without passing it explicitly if the decision facility
is locally constrained. Bret made a comment on the general issue that some
customers want to have an extensible interface to access decision object(s).
Carol commented that it is the matter of defining secure resources. Bob made a
comment that flexibility is more important than interoperability across
different vertical domains. Bret suggested to have several use cases in the
response appendix that would show how to take into account various factors like
QoP, principal location, time, etc. The consensus was to keep the interface as
simple as possible and to provide a discussion on how QoP can be taken into
account by the decision logic.

- Konstantin mentioned that sometimes it is convenient to have one invocation
on the decision object and to receive decisions about more than one operations
and/or more than one resources for the same principal.
 Bob described it as a legitimate issue. After a short discussion, the
consensus was to design an interface for a single triple (resource, operation,
principal credentials) and then to expand the interface to accommodate this
issue.

 - John Barkley raised the issue of extensible predicate language and referred
to "DACM and its successors" (correct title?). There was a short discussion on
how rich and extensible the language of access rules should be. No consensus
was reached due to the fact that the discussion did not go into enough level of
details. It was suggested to continue the discussion of the rule
language/interface expressiveness in the next calls and e-mail exchanges.

6. New submitters/supporters and LOI re-opening
Carol asked if anyone is opposed to Inprise joining the response team. Nobody
was opposed. Konstantin mentioned that a company "Strategic Data Command"
contacted him and the company wants to contribute to the response. The company
is supposed to contact Konstantin to let him know if they committed to
contributing to the response. Bob and Carol mentioned importance of obeying to
the LOI due dates and not reopening LOI each time somebody wants to join
submitters.

7. Action items for the next (7/14/98) conference call:

 A. Bob Blakley to set up a conference call on 7/14/98 2:00 PM Eastern time.
 B. Bob Blakley to send the object model sketch and initial draft of interfaces
in IDL to the response team mailing list by the end of this week (7/4/98).
 C. Konstantin to send to the mail list several use cases that show how the
policies that he sent earlier has to be enforced by a clinical application.

Please send any corrections of the minutes to the list or to Konstantin.
----------------------------------------------------------------------------

Konstantin


----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.

Prev by Date: who was on the conference call?
Next by Date: RE: who was on the conference call?
Prev by thread: RE: who was on the conference call?
Next by thread: Re: HRAC conference call 6/30/98: minutes
Index(es):
- Date
- Thread