[plasma] Fwd: The PoLicy Augmented S/Mime (plasma) bof discussion list

Patrick Patterson <ppatterson@carillon.ca> Fri, 27 July 2012 23:01 UTC

From Trevor:

Begin forwarded message:

> From: Trevor Freeman <trevorf@exchange.microsoft.com>
> Date: July 27, 2012 6:58:56 PM EDT
> To: "Patrick Patterson [ppatterson@carillon.ca]" <ppatterson@carillon.ca>
> Subject: RE: The PoLicy Augmented S/Mime (plasma) bof discussion list
> 
> 
> Hi Hal.
> 
> Thanks for the feedback.
> 
> The editorial comments (P4 & P7) seem straightforward; I have incorporated those in the 02 draft I just published. In that draft, I also revised the ABAC definition in line with your comments. We had a lot of feedback in Paris on the terminology/vocabulary and I have tried to incorporate that in the new draft.
> 
> * We have changed the name of the Plasma client from a PEP to a Decision Requestor. This is to more accurately reflect that it does not enforce decisions, and that Plasma supports many types of decision types, not just access control.
> 
> * We have changed the PDP to be a Policy Decision and Enforcement Point to reflect that in the Plasma model both functions are in the single logical entity (this does not require they be implemented as a single physical entity).
> 
> * We have changed policy set to policy collections to avoid confusion with the XACML policy sets. In Plasma the policy collection is used by clients as a means to manage what choices a client has for which policies can be applied to a message. They don't play a part in the actual decision itself.
> 
> You have a number of technical questions which I believe are answered in the following Plasma documents.
> 
> http://datatracker.ietf.org/doc/draft-schaad-plasma-cms/
> 
> http://datatracker.ietf.org/doc/draft-schaad-plasma-service/
> 
> I have added a new scenario for document integrity policy. Plasma is intended as a general purpose policy enforcement mechanism, not just access control. I have realized that while we talk about this point in a number of places, the language still assumes just access policy, so those changes are causing a bigger ripple through the document as I try to realign the terminology.
> 
> The current work is targeted as a means to make generic policy decision requests, so by design it has no dependencies on any specific language, as we want to insulate the client from policy. We plan to tackle the distribution of policy between the PDEP and PAP as a subsequent work, which is where much of the policy specific dependencies will be called out. I will clarify the needs for standards in this area in the generic requirements doc. I understand a lot of large customers have invested in XACML so I don't doubt XACML will be part of the policy distribution draft.
> 
> Thanks again for taking the time to review our work.
> 
> Trevor
> 
> 
> 
> In response to Requirements for Message Access Control (http://tools.ietf.org/pdf/draft-freeman-plasma-requirements-01.pdf) the OASIS XACML Technical Committee has agreed to submit the attached comments.
> 
> The public link to this document is:
> 
> https://www.oasis-open.org/committees/download.php/46049/Proposed%20response%20to%20Plasma%20v1-3.docx
> 
> 
> 
> Hal Lockhart
> 
> Bill Parducci
> 
> Co-chairs OASIS XACML TC
> 

---
Patrick Patterson
President and Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca

tel: +1 514 485 0789
mobile: +1 514 994 8699
fax: +1 450 424 9559