[OpenAz] Minutes from OpenAZ call Feb 18

[Harold Lockhart]

Attendees

Josh Bregman             Oracle
Naomaru Itoi             Nextlabs
Rich Levinson            Oracle
Hal Lockhart             Oracle
Prateek Mishra           Oracle

Rich described the new PEP layer in the API and showed the structure of the documentation.

Nao: What can you do with the main API that you can't do with the PEP layer?

Answer: more generality in attributes provided, Obligation support, support for other Subject categories. In general, the PEP layer does not provide access to all XACML capabilities. 

There was a discussion of the ability to define before and after handlers.

Nao: Is there persistent per handler data which could be used for example to cache attribute values from one request to the next?

This can probably be done using standard Java mechanisms. Need to research if anything special is needed.

The email from Ray Cardillo was discussed. He identified two requirements. One is support for the Open SSO client. This is not a problem technically, but there may be license issues. The second is to have configurably pluggable providers. AzAPI is intended to support pluggable providers, but more investigation is required to determine if this is sufficient for Ray's requirements.

Project plans were discussed. The PEP layer is complete for this round. The next step is to get the Sun XACML implementation up in running in some limited mode. This may mean supporting just the PEP layer initially.

The next call will be March 4.