This wiki has undergone a migration to Confluence found Here
November 4th 2008 Security Conference Call
Jump to navigation
Jump to search
==Attendees== (expected)
- Bernd Blobel Security Co-chair, absent
- Mike Davis Security Co-chair
- Frank Din
- Suzanne Gonzales-Webb CBCC Co-chair
- Glen Marshall Security Co-chair, absent
- Rob McClure
- John Moehrke
- Richard Thoreson CBCC Co-chair
- Ioana Singureanu, absent
- Tony Weida
- Craig Winter
Agenda & Meeting Minutes
(05 min) Roll Call
- (15 min) Approve Minutes & Accept Agenda (Mike D / Rob M) with discussed updates
- (40 min) Discussion
- Semantic Interoperability - discussion, presentation (Rob McClure) in two weeks
- Semantic interoperability as an end goal wherein at policy level, the two systems see policy as the same thing with no confusion.
- Trigger events discussed.
- Review, Q&A, Clarification of Constraint Catalog Example presented at last meeting discussed
- Row 2 is where there are possible interoperability points where Security needs to enforce policy
- Row 3 are examples from the current Permission Catalog and CBCC's Data Consent Model of Row 2
- A starting vocabulary should be decided upon in order to begin work on Constraint Catalog
- The ability to encode policy to a language (i.e. XACML--a policy language)
- Use vocabulary in the data consent and plug into consent matrix (or codes you are coming up with)
To Do List
Group Homework: To Review the Draft Constraint Catalog Constraint Catalog
- Does this spreadsheet contain enough information? too much information?
- Confirm that the most current data is available in each column
- Prepare to give comments at next meeting
