Minutes from Thursday night meeting
Here are the minutes from the Thursday night meeting.
Enjoy.
-DMC
=====
Minutes of HRAC Submitters' meeting (17 Sept 1998)
- by Bob Blakley, Dave Chizmadia, and Carol Burt
Attendees
Konstantin Beznosov (BHSSF)
Bret Hartman (Concept 5)
Andre Srinivasan (Inprise)
David Forslund (LANL)
David Kilman (Theragraphics)
Bapa Rao (TIS Labs)
Bob Blakley (IBM)
Polar Humenn (Adiron)
Dave Chizmadia (NSA)
Dave Chizmadia will circulate these minutes.
1. IBM IDL Proposal
Bob reports that he & Carol have discussed the differences between
the IBM and 2AB proposals and he has agreed to withdraw the IBM
proposal and proceed using the 2AB proposal as a base document
for the submission.
2. NSA Object Model Proposal Discussion (Dave Chizmadia)
Dave believes that the 2AB proposal's object model is similar in
spirit to the NSA object model.
It appears that Dave's proposal is more abstract than, but consistent
with, both the existing CORBAsecurity mechanism and the 2AB proposal.
In view of this, Dave is content to withdraw his model proposal in
favor of the model diagrammed in the 2AB document.
3. BHSSF Policy Language Model Proposal (Konstantin Beznosov)
Konstantin proposes replacing the existing required rights language
(which is based on lists of rights) with a more expressive model
based on propositional formulas.
Konstantin is willing to drop negation from his language if it's
judged not desirable by the group. Bob objects to the inclusion
of negation on the grounds that it can lead to situations in which
the policy administrator "grants" a right to a user, and the "grant"
of the (positive) right leads to denial of access.
Polar is also uncomfortable with inclusion of negation here.
Bob objects to the complexity of Konstantin's model, because it
interferes with scalability by forcing security attribute
administration and rights administration together in the
propositional formulas which are returned by Konstantin's proposed
revised required rights interface.
Bret sees a problem with complexity of the access policies you
can state using the propositional formula mechanism.
Bob described an alternative proposal he & Carol have been working
on which will help to make the rights management interface simpler
and more independent of policy engine implementations - this might
make it possible to leave the required rights/propositional formula
interfaces out of the specification.
Polar asserts that writing policies in first-order predicate calculus
will also be very difficult.
We polled the audience to judge whether Konstantin's proposal should
continue to be worked on.
Konstantin votes to continue with work on the proposal. Bob votes
not to move forward with the proposal. Bret votes not to move
forward with the proposal. Carol votes not to move forward with
the proposal (simplify, don't complexify). Andre votes not to move
forward with Konstantin's proposal (go with 2AB instead). Polar
votes not to move forward with Konstantin's proposal (too complicated
and issues likely remain). Bapa doesn't vote but expresses discomfort
with the complexity of the proposal (consider how much additional
expressiveness you need and see if you can't use a judicious extension
of combinators and rights without going to a full-fledged arbitrary
propositional expression). Dave votes to proceed with the 2AB proposal
rather than Konstantin's (feels we're not ready for something this
complex yet, though feels it's desirable). David votes to proceed
with the 2AB proposal rather than Konstantin's.
The outcome of the vote was:
In favor of continuing: 1
Opposed to continuing: 7
Abstain: 1
(2 to 1 against continuing among submitters voting)
On the basis of this vote we concluded to continue on the basis of
the 2AB proposal, which is based on rights and combinators only
(though we will add support for intervals), and not to continue
work on Konstantin's proposal for the initial submission.
Bret would like to see the HRAC interfaces permit Konstantin's rights
language (i.e. be neutral to rights languages under the AccessDecision
interface).
4. Proposal Outline and Assignments
Preface
Supporting Organizations              Dave Chizmadia
Conventions                           Dave Chizmadia
Terminology                           Dave Chizmadia
Proof of Concept Statement            Bob Blakley
Changes to Adopted Technologies       Carol Burt
Response to RFP Requirements          Bob Blakley
Overview
Introduction                          Konstantin Beznosov
Problems addressed                    Konstantin Beznosov
Problems not addressed                Konstantin Beznosov
Reference Model                       Dave Chizmadia
Scope                                 Carol Burt
FAQ                                   mailing list
Design Goals                          Bob Blakley
General Usage Discussion              Bob Blakley
Healthcare Specific Usage Scenarios   Konstantin Beznosov
                                      and John Barkley and
                                      Juggy Jaganathan
Object and Data models                Carol Burt (may omit)
IDL Interface Descriptions            Carol Burt
Conformance Classes                   Bob Blakley
Appendix
IDL                                   Carol Burt
Use Cases                             Konstantin Beznosov
                                      and John Barkley and
                                      Juggy Jaganathan
Issue: required IDL definitions from RFP - who does this &
where does it go?
Schedule: need drafts of all sections by 2 October 1998.
----------------
Broadcast message to hrac-rfp from "David M. Chizmadia" <dmc@tycho.ncsc.mil>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.