...
- Time: 11:00am Eastern Daylight Time US (UTC-4)
- U.S.A/Canada toll free: 866-740-1260, participant code: 2257295
- International toll free: http://www.readytalk.com/intl
- Use the above link and input 2257295 and the country you are calling from to get your country's toll-free dial-in number
- Once on the call, enter participant code 2257295
- IRC:
- Join the #duraspace-ff chat room via Freenode Web IRC (enter a unique nick)
- Or point your IRC client to #duraspace-ff on irc.freenode.net
Attendees
- Nikhil Trivedi
- Michael Durbin
- Kevin S. Clarke
- Unknown User (escowles@ucsd.edu)
Longshou Situ- Martin Dow
- Eric James
Ed Fugikawa - Osman Din
- David Wilcox
Agenda
Minutes
- XACML Authorization Delegate (lead by Greg Jansen)
- Had a meeting earlier this week to go over requirements
- Created astraw man to get feedback
- Primer on understanding XACML
- How do we map policies?
- For a given request, how do we know what is in scope?
- Complete proposal can be found here.
- Questions
- Mike: Does the policy folder need to be a hard requirement?
- What if people want to distribute policies differently?
- More referential integrity means this should be a hard requirement
- The folder could be put somewhere else in the graph
- Stephano: Will XACML rules overlap with Tomcat roles?
- It is a drop-in replacement
- If you are a Fedora Admin Tomcat role you would bypass XACML
- You can replicate tomcat roles in XACML
- Make this a test case
- Eric: Is the policy combining algorithm global to the repo?
- At the top of any particular scope you would have one policy set that is in scope for that request
- Evaluate all and either permit or deny depending on configuration
- Mike: Does the policy folder need to be a hard requirement?
- Policies will need to refer to XACML attributes to evaluate requests:
- Resource attributes
- Subject attributes
- Environment attributes
- Time of request, ip address, etc.
- Need a way to look for resource and subject attributes
- Can use JCR 1.0 XPath
- Greg: Should SPARQL queries replace XPath?
- Consensus is yes.
- Questions
- Eric: What is involved with making attributes available to XACML?
- Have to create at least one class to look for attributes
- Define attributes in config, have one class that can parse a configuration to find the data
- Eric: What is involved with making attributes available to XACML?
- Questions
- Martin: Rights expression language?
- Martin: want to use RDF with a rights-expression standard
- ODRL?
- May require additional configuration to support
- Martin: want to use RDF with a rights-expression standard
- Martin: Rights expression language?
...