[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

minutes: HRAC submeeting team conference call August 11, 1998

To: hrac-rfp@cs.fiu.edu
Subject: minutes: HRAC submeeting team conference call August 11, 1998
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Tue, 11 Aug 1998 18:05:23 -0400 (EDT)
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-hrac-rfp@cs.fiu.edu

Attached.

Konstantin

-----------------------------------
Distributed Computing Architect
Baptist Health Systems of South Florida
voice: 305.596.1960 x6469

Minutes of the HRAC RFP response submitters team conference call

Date: August, 11 1998
Time: 2:00PM -- 3:40 PM Eastern time
Compiled by Konstantin Beznosov

Participants:
Carol Burt -- 2AB,
Bob Burt -- 2AB,
David Chizmadia -- NSA, 
John Barkley  -- NIST, 
Bart de Greef -- Philips, 
V. Juggy Jagannathan -- CareFlow|Net,
Konstantin Beznosov -- BHSSF,
Bob Blakley -- IBM

The following issues were discussed:

1. Submitting team meeting during the OMG Seattle meeting
2. The list of outstanding issues and priorities of items in it.
3. Resource-related issues.
4. Action items for the next conference call (August, 25)

-------------------------------------------------------

Details:

Below is the summary of what was said and conclusions the way I 
understood. Those who think that something essential is missing from
the minutes or something is presented here inaccurately, please send to
the list or directly to me your comments/feedback/corrections and I'll
incorporate them in the minutes text.

1. Submitting team meeting during the OMG Seattle meeting
   It was decided to have two three-hour meetings:
    Monday,  9/14/98 from 5PM to 8PM
    Thursday 9/17/98 from 5PM to 8PM
    
2. The list of outstanding issues and priorities of items in it.
   Konstantin sent out an updated version of the list several hours
   before the meeting. Participants did not have any suggestions to
   change the list.
   Juggy raised the issue of having methods on ADO interface that would
   allow ADO clients to make queries to authorization decisions for
   multiple resources. The issue will be put in the list. Konstantin
   pointed out that we need to figure it out how to deal with a single
   resource. After that we can make a step further and solve the problem
   for multiple resources.

3. Resource-related issues. We attempted to go through the list of
   issues  (http://cadse.cs.fiu.edu/omg/hrac-rfp/msg00108.html) raised
   by Bob Burt. Almost all of them are related to resources.
   We discussed the following items from Bob Burt's list: (issue ID from
   the issue list is in brackets)

   I.(10) Should HRAC understand application data/functionality?
    It was decided not to answer to this question until we know answer
    to question V.
   
   II.(11) What is a resource?
   
   It was decided to use already established definition of "secure
   resource" from the terminology list that was agreed upon during the
   Helsinki meeting
   (http://cadse.cs.fiu.edu/omg/hrac-rfp/msg00069.html): "a 'secured
   resource' can be any valuable asset of an application owner, which
   is accessed by an application on behalf of a principal using it, and
   access to which is to be controlled according to the owner's
   interests."
   Thus issue #11 is considered to be resolved and closed.

   III. (12) What is a resource name?
   
   After some discussion, the participants reached the consensus that
   there are three different things:
    1. Resource name
    2. Resource identifier, and
    3. Resource reference
    
   It was decided not to use term "resource identifier" in order to
   avoid confusion with term "resource reference", and due to the fact
   that CORBA already has 2 distinguished concepts: "object name" and
   "object reference".
   
   There was a discussion on the difference between "resource name" and
   "resource reference". Bob Blakley took the action item to propose
   definitions of terms "resource name" and "resource reference"
   
   We agreed that we do not know the answer to the question if contents
   of a resource reference should be opaque or implementation
   dependent. This question is a separate issue that has to be resolved
   later.

   V. (14) What information does an application pass to the decision maker logic?
   
   It was decided that in order to answer this question, we need to
   answer first question III.
   
   VIII. (17) What else is needed?
   
   It was suggested to differ answer to this question until we have
   something sufficient enough to be called a submission. Then we'll see
   if anything else is needed.


4. Action items for the next conference call (August, 25)
   
   The following action items are due to the next conference call:
   
   - Bob Blakley to propose definitions of "resource name" and
     "resource reference".

   - Bob Burt and Bob Blakley to propose a design model for HRAC
   facility.
   
   - John Barkley and Konstantin Beznosov to develop use cases for the
   proposed by Bobs design models or for a black box model.

--------------------------------------------------------------------

Prev by Date: FWD: Next HRAC conference call agenda
Next by Date: updated list of outstanding issues
Prev by thread: FWD: Next HRAC conference call agenda
Next by thread: updated list of outstanding issues
Index(es):
- Date
- Thread