���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������03:36:13 [scor]scor has quit ()
05:54:24 [timbl]timbl (n=timbl@polisgrans.ath.forthnet.gr) has joined #dig
06:31:07 [timbl]timbl has quit ()
10:41:53 [drrho]drrho (n=rho@chello213047112079.11.11.vie.surfer.at) has joined #dig
10:48:50 [danbri]danbri (n=danbri@s55927ef8.adsl.wanadoo.nl) has joined #dig
11:41:58 [scor]scor (n=scor@drupal.org/user/52142/view) has joined #dig
11:51:04 [RalphS]RalphS (n=swick@30-6-92.wireless.csail.mit.edu) has joined #dig
11:52:02 [danbri]danbri has quit ()
12:14:43 [marisol]marisol (n=marisol@30-5-61.wireless.csail.mit.edu) has joined #dig
12:23:53 [marisol]marisol has quit ()
12:44:23 [marisol]marisol (n=marisol@30-5-61.wireless.csail.mit.edu) has joined #dig
12:46:53 [danbri]danbri (n=danbri@s55927ef8.adsl.wanadoo.nl) has joined #dig
13:20:29 [lkagal]lkagal (n=lkagal@143.71.171.66.subscriber.vzavenue.net) has joined #dig
13:21:30 [scor]scor has quit ()
13:36:06 [lkagal]lkagal has quit ()
13:41:24 [DanC]any tabulator users/developers around? I haven't used it in ages but I think I could use it today... any recommendations on how to install it?
13:47:27 [scor]scor (n=scor@drupal.org/user/52142/view) has joined #dig
14:08:32 [marisol]marisol has quit ()
14:19:42 [pipian_]pipian_ (n=pipian@w3cdhcp27.w3.org) has joined #dig
14:34:28 [lkagal]lkagal (n=lkagal@143.71.171.66.subscriber.vzavenue.net) has joined #dig
14:46:12 [lkagal]lkagal has quit ()
14:52:56 [oshani]oshani (n=oshani@30-6-47.wireless.csail.mit.edu) has joined #dig
14:55:38 [danbri]danbri has quit ()
15:13:42 [danbri]danbri (n=danbri@s55927ef8.adsl.wanadoo.nl) has joined #dig
15:23:26 [jambo]DanC, https://addons.mozilla.org/en-US/firefox/addon/5596 is the preferred installation method now, I believe.
15:23:46 [DanC]that asked for some login
15:24:01 [oshani]yeah, it's in AMO sandbox still
15:24:12 [jambo]ah, bogus
15:24:16 [oshani]need community accpetance to graduate :)
15:28:15 [jambo]well, in that case, if you don't want to make an account, the version at http://dig.csail.mit.edu/2007/tab/release/tabulator-0-8-7.xpi is the same as what's on amo, but sadly then won't automatically pull new releases
15:30:29 [oshani]or else, you can configure to run Tabulator from source. Some instructions here: http://dig.csail.mit.edu/TAMI/2008/JustificationUI/howto.html#source
15:33:27 [scor]scor has quit ()
15:39:16 [jambo]jambo has quit (Read error: 54 (Connection reset by peer))
15:43:29 [oshani]oshani has quit ("Leaving.")
15:43:30 [oshani1]oshani1 (n=oshani@30-6-47.wireless.csail.mit.edu) has joined #dig
16:04:00 [scor]scor (n=scor@drupal.org/user/52142/view) has joined #dig
16:18:34 [scor]scor has quit ()
16:23:23 [scor]scor (n=scor@drupal.org/user/52142/view) has joined #dig
16:49:10 [lkagal]lkagal (n=lkagal@30-6-28.wireless.csail.mit.edu) has joined #dig
17:00:48 [scor]scor has quit ()
17:19:21 [DanC]ugh... now tabulator won't tell me anything interesting about this n3 file. it just displays the full URI of the .n3 file and an X
17:19:37 [DanC]oshani1, jambo, are you around to de-mystify?
17:20:14 [DanC]http://pastebin.com/m25951215
17:20:28 [DanC]^ the n3 I'm trying to view with tabulator
17:22:22 [DanC]argh. the tabulator teases me again. it gave me the impression it would work, but now it doesn't, and there's no clue as to why not
17:23:16 [DanC]still nothing useful
17:23:47 [DanC]where are the view tabs?
17:25:17 [DanC]HELP!@L!J@#L!KJ@#!@
17:29:08 [DanC]<melvster> DanC: http://dig.csail.mit.edu/2007/tab/
17:29:41 [oshani1]danC, I am looking at the pastebin right now
17:29:47 [DanC]thanks
17:30:17 [DanC]browsing http://dig.csail.mit.edu/2005/ajar/ajaw/data#Tabulator works as expected
17:30:40 [DanC]phpht. now 1N8R.n3 is working. I wonder what got stuck/unstuck
17:30:54 [DanC]"a broken appliance always works when demonstrated for the repairman"
17:32:05 [oshani1]I see "Error: not well-formed
17:32:05 [oshani1]Source File: file:///home/oshani/test.n3
17:32:05 [oshani1]Line: 1, Column: 1
17:32:05 [oshani1]Source Code:
17:32:05 [oshani1]@prefix _3: <#>."
17:33:15 [DanC]that's wierd. it looks well-formed (n3) to me
17:34:36 [oshani1]danC, can't you see anything at all? Because, it's only the default view that's not working for me..
17:35:02 [DanC]it's all working for me now. I have no idea why it wasn't working before or why browsing the tutorial un-stuck it.
17:35:32 [DanC]now it's stuck again
17:35:49 [oshani1]what's in the error console?
17:36:38 [DanC]"not well-formed ..."
17:36:56 [DanC]maybe RDF/XML will work better...
17:37:25 [oshani1]well, okay.. the default view works for me after a restart
17:37:32 [oshani1]all the views are working
17:37:55 [DanC]the question is: why does it get stuck?
17:38:05 [DanC]now rdf/xml isn't working, and there are no clues in the error console
17:38:13 [DanC]it says "data sources pending: 1"
17:38:35 [DanC]does tabulator not work while data sources are pending?
17:39:00 [oshani1]RDF/XML view wouldn't work if there are any nested formulas, but here it's not the case
17:40:34 [oshani1]re data sources pending, I am not sure how it would behave
17:40:56 [DanC]and tim wonders why I'm so reluctant to use this thing. >-|
17:41:34 [oshani1]DanC, just wondering... what version of Firefox are you using?
17:41:46 [DanC]whatever comes with ubuntu...
17:42:00 [DanC]3.0.7
17:42:03 [oshani1]great
17:43:01 [DanC]wild... browsing http://dig.csail.mit.edu/2005/ajar/ajaw/data#Tabulator gets it un-stuck again
17:44:58 [oshani1]IIRR from sources.js, Tabulator pulls data from some hardcoded URIs
17:45:47 [drrho]drrho has quit (Remote closed the connection)
17:45:48 [oshani1]oshani1 is now known as oshani
18:24:41 [kkw]kkw (n=kkw@cpe-69-203-16-43.nyc.res.rr.com) has joined #DIG
18:28:22 [scor]scor (n=scor@drupal.org/user/52142/view) has joined #dig
18:33:00 [oshani]kkw, are you on the phone?
18:33:56 [kkw]yes!
18:33:59 [jsoltren]jsoltren (n=jsoltren@30-7-193.wireless.csail.mit.edu) has joined #dig
18:34:23 [oshani]Hi kkw
18:35:36 [Pipian__]Pipian__ (n=Pipian@30-7-14.wireless.csail.mit.edu) has joined #dig
18:36:40 [oshani]oshani has quit ("Leaving.")
18:36:42 [oshani]oshani (n=oshani@30-6-47.wireless.csail.mit.edu) has joined #dig
18:37:16 [jambo]jambo (n=Jambo@31-34-73.wireless.csail.mit.edu) has joined #dig
18:39:26 [fuming]fuming (n=fuming@30-5-226.wireless.csail.mit.edu) has joined #dig
18:40:22 [Pipian__]Fatih: Will talk about syntax and enforcement architecture, then some industry examples, elaborate on weaknesses, mention open source implementations, and comparing XACML and AIR, and finally list references.
18:40:53 [Pipian__]Fatih: XACML is an XML access control language with simple syntax, good expressivity, and machine processable.
18:41:05 [Pipian__]Fatih: It's an OASIS standard, and adopted widely.
18:41:14 [Pipian__]Fatih: Many implementations.
18:41:34 [Pipian__]lkagal: Supported by MS and IBM, that's why it's wide.
18:41:42 [Pipian__]Fatih: Need background in logic?
18:42:00 [Pipian__]Fatih: Top-level is a policy set that contains policy sets and policies.
18:42:15 [oshani]kkw, the slides: http://dig.csail.mit.edu/2009/DIG_Seminar/0319-faatih.pdf
18:42:31 [Pipian__]Fatih: Have Rules, Targets, and Obligations.
18:42:53 [Pipian__]Fatih: Targets allow for matching by request.
18:43:04 [oshani]oops, sorry wrong URI
18:43:05 [oshani]http://dig.csail.mit.edu/2009/DIG_Seminar/0319-fatih.pdf
18:43:25 [Pipian__]Fatih: Rule is similar construct to Policy, but with a condition.
18:43:45 [Pipian__]Fatih: Obligations are things that must be satisfied when matched.
18:44:19 [Pipian__]Fatih: Some monitoring system that upholds obligations.
18:44:33 [Pipian__]lkagal
18:44:51 [Pipian__]: Is a target a list of subjects/resources/actions or conditions?
18:45:09 [Pipian__]Fatih: Everything is concrete.
18:45:34 [Pipian__]lkagal: But a list?
18:45:39 [Pipian__]Fatih: yes.
18:46:13 [Pipian__]Fatih: There's also an environment involved when matching the target.
18:46:51 [Pipian__]lkagal: Does the framework specify a time with the obligation?
18:47:12 [Pipian__]Fatih: It's primitive and application-specific.
18:47:42 [Pipian__]Fatih: As a result, it's flexible.
18:49:20 [Pipian__]Pato: Not the same as a privacy-obligation.
18:49:38 [Pipian__]Fatih: The entity diagrame.
18:50:13 [Pipian__]Fatih: Combining algorithms resolve conflicts between policies and rules.
18:50:45 [Pipian__]Fatih: An EBNF grammar of the language.
18:51:17 [Pipian__]Fatih: Policy combinations as a 'meta-policy'
18:52:10 [Pipian__]Fatih: A policy in XML.
18:52:54 [Pipian__]Kenny: What's the difference betwen the target in the rule and in the policy?
18:53:05 [Pipian__]Fatih: Syntactically similar, but allows flexibility.
18:53:55 [Pipian__]Fatih: Scoping.
18:55:13 [Pipian__]Fatih: A mechanism exists for a default rule.
18:55:58 [Pipian__]Fatih: And now enforcement mechanisms. Five entities that can be extended and may have more.
18:56:48 [Pipian__]Fatih: Policy Enforcement Point (PEP) - Entity sending request to authorization service (PDP). Agent attached to app needing decision. Formats XACML request form.
18:57:43 [Pipian__]Fatih: Policy Decision Point (PDP) - Takes request and applies policy to determine.
18:58:11 [Pipian__]Fatih: Context Handler: Provides context (???)
18:58:37 [Pipian__]Policy Information Point (PIP): ???
18:58:49 [Pipian__]An LDAP system
18:58:57 [Pipian__](retrieve values)
18:59:21 [Pipian__]Policy Administration Point (PAP): Responsible for maintaining the policy sets.
19:00:07 [Pipian__]1. PAP provides policy to PIP
19:00:16 [Pipian__]2. User request service from PEP.
19:00:28 [Pipian__]3. Context handler adds context.
19:00:36 [Pipian__]4. PDP asked about policy.
19:00:45 [Pipian__]5. PDP requests attribute.
19:00:57 [Pipian__]6. Context Handler fetches attribute from PIP.
19:01:20 [Pipian__]7. PIP combines Subjects/Resources/Environment attribute managers
19:01:35 [Pipian__]8. PIP notifies Context Handler of attributes
19:01:47 [Pipian__]9. ???
19:01:54 [Pipian__]10. Attributes forwtarded to PDP.
19:02:19 [Pipian__]11. PDP creates response context.
19:02:29 [Pipian__]12. Response is forwarded back to PEP
19:03:05 [Pipian__]Fu-Ming: Separate PIP because of attributes in different parts of the system.
19:03:09 [Pipian__]Fatih: Yes.
19:05:47 [Pipian__]Pato: This architecture is older than XACML. XACML separated context handler from PEP.
19:05:49 [oshani]oshani has quit ("Leaving.")
19:05:51 [oshani1]oshani1 (n=oshani@30-6-47.wireless.csail.mit.edu) has joined #dig
19:06:17 [Pipian__]kkw: What are subjects, environments, resources, and actions?
19:06:57 [Pipian__]kkw: Entity of subject, data is resource, context is environment
19:07:23 [Pipian__]Fatih: Yes.
19:07:41 [Pipian__]kkw: Relative environments. Supported?
19:07:54 [Pipian__]Fatih: Doesn't have to be related to either.
19:08:06 [Pipian__]Fatih: An example.
19:10:35 [Pipian__]Fatih: Examples of industry deployment
19:10:54 [Pipian__]Fatih: Profiles for different environments (RBAC, Web Services, Privacy)
19:11:25 [Pipian__]kkw: Is anyone expanding to ABAC?
19:11:34 [Pipian__]Fatih: XACML is already a form of ABAC.
19:11:44 [Pipian__]Pato: People have used XACML to encode ABAC systems.
19:12:48 [Pipian__]Fatih: Use SAML to transport between XACML and actual locations.
19:13:26 [Pipian__]Fatih: Using this by integrating with an ID Management system.
19:13:41 [Pipian__]Fatih: many companies working on the committee (version 3)
19:14:20 [Pipian__]Fatih: Some OS orgs using XACML (FedoraCommons, Health-care systems, Geospatial XACML)
19:15:41 [Pipian__]Fatih: Weaknesses of XACML: Verbose, like XML.
19:16:34 [Pipian__]Fatih: Scalability
19:16:48 [Pipian__]Fatih: Need profiles and schemas due to the basic structure.
19:17:23 [Pipian__]Fatih: Work on 3.0 (general conclusions, generic architecture)
19:18:09 [Pipian__]Fu Ming: Verbose, but you were explaining size (scalability)? Is that related?
19:18:16 [Pipian__]Fatih: Talking about XML
19:18:53 [Pipian__]Fatih: Delegation problems.
19:19:04 [Pipian__]Fatih: Informal syntax (???)
19:19:39 [Pipian__]Fatih: Cannot verify properties easily (Separation of Duty, Permissions)
19:19:58 [Pipian__]Fatih: Compatibility checking difficult.
19:20:08 [Pipian__]Fatih: Enforcement difficult.
19:20:25 [Pipian__]lkagal: Why is enforcement difficult?
19:20:44 [Pipian__]Fatih: Infrastructure is distributed.
19:22:17 [danbri]danbri has quit (kubrick.freenode.net irc.freenode.net)
19:22:37 [danbri]danbri (n=danbri@unaffiliated/danbri) has joined #dig
19:23:44 [Pipian__]Pato: Enforcement is at the PEP, XACML is an architecture, not an implementation.
19:23:57 [Pipian__]Pato: Verification of system operation is difficult.
19:24:50 [Pipian__]Fatih: Verification AND Enforcment are Enforcement.
19:25:37 [Pipian__]Fatih: Implementation list
19:26:18 [Pipian__]Fatih: AIR is formal, XACML not.
19:27:34 [Pipian__]Fatih: XACML for access control, AIR more generic.
19:27:56 [Pipian__]Fatih: Obligations in AIR?
19:28:13 [Pipian__]Fatih: A deployment for enforcement?
19:29:18 [Pipian__]Fatih: Structure?
19:29:26 [Pipian__]lkagal: Policy -> Rule -> Pattern
19:29:41 [Pipian__](versus PolicySet -> Policy -> Rule)
19:30:32 [Pipian__]Fatih: AIR for offline analysis, not online analysis.
19:32:04 [RalphS]RalphS has quit ("bye for today")
19:35:42 [Pipian__]Fatih: Conflicts are easy?
19:36:10 [Pipian__]lkagal: Not necessarily. Can reason over policies with context, but not statically.
19:41:02 [Pipian__]Kenny: How do you extend functions in XACML?
19:41:08 [Pipian__]Fatih: Depends on PDP.
19:47:54 [Pipian__]kkw: May get to see the DHS policies in XACML.
19:55:37 [Pipian__]Pipian__ has quit ()
19:55:37 [lkagal]lkagal has quit ()
19:56:08 [fuming]fuming has quit ()
20:05:26 [oshani1]oshani1 has quit ("Leaving.")
20:11:29 [jambo1]jambo1 (n=Jambo@LANDAU-FOUR-THIRTY-ONE.MIT.EDU) has joined #dig
20:13:22 [fuming]fuming (n=fuming@dhcp-18-111-6-113.dyn.mit.edu) has joined #dig
20:17:40 [oshani]oshani (n=oshani@30-6-47.wireless.csail.mit.edu) has joined #dig
20:25:28 [lkagal]lkagal (n=lkagal@30-6-28.wireless.csail.mit.edu) has joined #dig
20:29:06 [jambo]jambo has quit (Read error: 110 (Connection timed out))
20:32:36 [kkw]quit
20:32:47 [kkw]kkw has quit ()
20:33:54 [jambo1]jambo1 has quit (Read error: 110 (Connection timed out))
20:37:51 [oshani]oshani has left #dig
21:17:05 [oshani]oshani (n=oshani@c-65-96-185-230.hsd1.ma.comcast.net) has joined #dig
21:19:40 [DanC]is there a way to clear tabulator's store?
21:19:54 [DanC]it won't seem to forget that there was a syntax error in an earlier version of this file
21:23:09 [oshani]oshani has quit ("Leaving.")
21:27:43 [DanC]stuck with "data sources pending: 4" again.
21:27:54 [DanC]it loaded a few triples from this file, but not nearly all of them. :-/
22:07:03 [jsoltren]jsoltren has quit ("Leaving.")
22:07:42 [pipian_]pipian_ has quit (Remote closed the connection)
22:14:30 [danbri]danbri has quit ()
22:16:24 [danbri]danbri (n=danbri@s55927ef8.adsl.wanadoo.nl) has joined #dig
22:16:32 [jsoltren]jsoltren (n=jsoltren@EDGERTON-FIVE-EIGHTY-TWO.MIT.EDU) has joined #dig
22:17:02 [jsoltren1]jsoltren1 (n=jsoltren@EDGERTON-THREE-EIGHTEEN.MIT.EDU) has joined #dig
22:19:44 [scor]scor has quit ()
22:26:49 [danbri]danbri has quit ()
22:29:09 [fuming]fuming has quit ()
22:34:01 [fuming]fuming (n=fuming@18.105.7.244) has joined #dig
22:34:48 [fuming]fuming has left #dig
22:37:02 [jsoltren]jsoltren has quit (Read error: 110 (Connection timed out))