
minutes: submitters meeting on Monday 9/15



Attached are minutes (in RTF and plain text) taken by Tad Davis.

Konstantin

HRAC

HRAC Meeting Minutes – September 15, 1998 4:00PM -- 8:00PM

Konstantin Beznosov – facilitator

These minutes were taken by Tad Davis and slightly edited by Konstantin Beznosov.

Attendees:
Bret Hartman            Concept Five
Carol Burt              2AB
Dave Forslund           LANL
Tim Brinson             Protocol
Dan Sterne              TIS Labs & Network Assoc.
Dave Sanes              TIS Labs & Network Assoc.
Andre Srinivasan        Inprise
Bart de Greef           Philips Medical Systems
Tad Davis               CareFlow|Net, Inc.
Kent Wreder             BHSSF
Andreas Klingler        Univ. of Erlangen
Konstantin Beznosov     BHSSF

Introductions, Interest, & Patterns of Use

Carol Burt – Telecom system, has customers who are asking for this.

Dave Forslund – Secure PIDS implementation, telemedicine nation-wide needs security to employ.

Dave Stearn – TIS labs, working on access control for CORBA, OO CORBA type enforcement developed, 
may partially satisfy HRAC.

Bart de Greef – Medical domain, open standards, commercial architecture.  Advise customers to buy a 
certain implementation.

Tim Brinson – Relationship to COAS.

Andre S (Inprise) – Tracking HRAC, may possibly move into healthcare.  Intent is to resell or license an 
implementation, healthcare domain and possibly broader.

Tad Davis – Secure components for healthcare is the company byline, two customers are on the HRAC 
team and require access control.  Currently have an implementation which uses filters and is limited to 
ORBIX, must move to a standard access control mechanism.

Konstantin – Tried to model and map to healthcare, tried to incorporate with PIDS.  Did not allow the fine 
grain access control that was required.  Will not be developed internally, push standard for general 
architecture and to push the commercial, best-of-breed process to begin.

Bret Hartman (Concept Five) – Broader customers than healthcare, banking as well.  Constantly get 
requirements for finer grained access control than what CORBA provides.

Goals for the Week

1. Agreed upon IDL interfaces
2. Outline for submission
3. Writing assignments, and due dates for submission
4. Identify an editor
5. Initial submission should be significantly complete and not change drastically to the final submission

Carol volunteered as editor of the response submission text.

#1 identified as primary goal.  #2 & #3 secondary goals.

Attempt to merge NSA’s, IBM’s, and 2AB’s proposals into one.  Must meet requirements of COAS.

Carol suggested that IDLs be developed first and then run through use cases to verify and validate the 
IDLs.

Time Allocations

2AB Proposals                   Tuesday         1 hour
IBM Proposals                   Thursday
NSA Proposals
Converge and Create Final IDL
Outline Proposals               Tuesday         1 hour
Assign Work                     Tuesday         10 minutes

2AB Proposal

Not complete, requires changes.

Basic Types

New Issue: Typedef discussion – issue, does it result in proliferation of Java classes?

Anticipate that in the CORBAmed space the qualified names coming out of naming authority will be used.  
Naming authority is not included.

New Issue: Does the resource have to be globally unique, implies a mechanism, i.e. naming authority.

Will support granted rights or denial of rights models.  For one resource, exclusive or.  Group agreed that 
both are necessary.

Resources can contain other resources, concept of atomic resource.

The hierarchy can contain both types of resource mechanism at any level in the hierarchy.

While traversing the tree, as soon as a denial is struck, the traversal terminates.

ResourceType

Type of resource allows you to decide whether organization should be a tree (subclass) or a hash table 
(atomic).  Base implies that a person will be assigning rights.  Atomic implies that an application will 
assign rights.  Requirement to classify resources into categories.  Global uniqueness – nothing below root 
node must be globally unique.

New Issue: What is the difference between a “root_node” and “atomic” node?

ResourceNameComponent

Created for ease of use with Naming Service.

New Issue: Issue where there is a resource, world is denied, group is granted, specific individual of group is 
denied.  Cannot be handled by current IDL.

RightsList

Not the same structure as in the security specification.

TimeIntervals

New Issue: Do we need to capture periodic rights?  For example, after hours security may be more strict.

COAS defines notion of time spans.

Deny_times changes to applicable_times.

ResourceAccessPolicy

New Issue: Possible holes in negative states of access policies.

Credential attributes and dynamic attributes groups, dynamic attributes evaluated at run-time.

ResourceRepository

Create_resource_def and delete_resource_def changed to add_… and remove_…

remove_dynattribute_support added.

Traverse from resource to policy.

New Issue: Should we allow two methods, one remove node, one remove resource name subtree?

Can a node be in two different trees?  Support for links?  This can cause problems as a node can have two 
different states in terms of access policies at the same time.

New Issue: Add text explaining that a real world resource can be defined and used multiple times, there is 
no way to prevent this.

Resource key is an application defined name to be used by the HRAC to communicate with the application 
in the future.

New Issue: Does POA allow an object key to be associated with something which is not an object?  
Konstantin

New Issue: Should the dynamic attribute eval method support the notion of time, so that a relationship can 
be “remembered” to exist in the past and not only at the present time?

Possibility raised to add a priority attribute to allow emergency access.

Submission Draft Outline

Preface
Supporting Organizations
Conventions
Terminology
Specific Terminology
Proof of Concept
Changes to Adopted
Response to RFP Requirements
Overview of Response
	Introduction
	Problems Addressed
	Problems Not Addressed
	Domain Reference Model
	Determination of RFP Scope
	Answer Possible Questions
Design Goals
Use Scenarios
Healthcare Use Scenarios
Object and Data Models
IDL Interface Descriptions
Conformance Classes
Appendix
	IDL
	Detailed Use Cases

New Issue – Title of submission, not actually access control, possibly access authorization.

Changes to 2AB Proposal

AccessDecision should not be locality constrained.  To do so HRAC service vendor would need to provide 
shared libraries, DLL, etc.  Also, one ADO per organization may be sufficient.  Requires changes to the 
IDL, would definitely not want to pass credentials.  Attributes are sufficient.  Attributes should be a list for 
access_allowed, multiple_access_allowed.

DynamicAttributeEval also should have a sequence of attribute lists.

Garbage collection on resource keys.

Separate access and admin methods into two interfaces.
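
An added sketch (not part of the minutes or of any submitter's IDL) of the resource model noted under Basic Types: each resource uses either a grant list or a deny list, resources nest, and traversal stops at the first denial. The class, function and attribute names and the set-intersection matching are assumptions; single_node_gap replays the world / group / individual case from the New Issue under ResourceNameComponent on one node.

```python
from dataclasses import dataclass, field

GRANT, DENY = "grant", "deny"  # a node uses one model or the other, never both


@dataclass
class Resource:
    name: str
    model: str                                    # GRANT or DENY
    listed: set = field(default_factory=set)      # attribute values named on this node
    children: dict = field(default_factory=dict)  # contained resources, by name

    def add(self, child):
        self.children[child.name] = child
        return child

    def permits(self, attrs):
        hit = bool(self.listed & attrs)
        # GRANT: only listed attributes pass. DENY: everything except listed passes.
        return hit if self.model == GRANT else not hit


def access_allowed(root, path, attrs):
    """Walk from the root towards the leaf; stop at the first node that denies."""
    node, visited, remaining = root, [root.name], list(path)
    while node.permits(attrs):
        if not remaining:
            return True, visited
        node = node.children[remaining.pop(0)]
        visited.append(node.name)
    return False, visited


def single_node_gap():
    """World denied, group granted, one group member denied, tried on ONE node."""
    callers = {"world": set(), "member": {"group:ward"},
               "alice": {"group:ward", "user:alice"}}
    wanted = {"world": False, "member": True, "alice": False}
    nodes = {"grant": Resource("chart", GRANT, {"group:ward"}),
             "deny": Resource("chart", DENY, {"user:alice"})}
    got = {label: {who: node.permits(attrs) for who, attrs in callers.items()}
           for label, node in nodes.items()}
    return wanted, got


# Constructed sample tree: hospital (grant) > records (deny) > lab (grant)
root = Resource("hospital", GRANT, {"role:staff"})
records = root.add(Resource("records", DENY, {"role:contractor"}))
records.add(Resource("lab", GRANT, {"role:staff"}))
```

In this model a single grant-only node lets the excluded group member through and a single deny-only node lets the world through, so neither matches the wanted outcome.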