W3C

- DRAFT -

W3C Workshop on Access Control Application Scenarios

17 Nov 2009

Agenda

See also: IRC log

Attendees

Present
Regrets
Chair
Rigo Wenning, Hal Lockhart
Scribe
dsr, tlr, carine

Contents


 

 

<dsr> Introductions by the chairs

<dsr> We go around the room introducing ourselves.

Benjamin Aziz, Slides

<rigo> Agenda: http://www.w3.org/2009/policy-ws/agenda.html

<rigo> chair: Hal Lockhart

<rigo> scribenick: rigo

Hal: ??

Ben: it depends on DSA

Hal: if you have single file and data and you only want to show image, if offline

Ben: yes, if the policy says it shouldn't than it shouldn't . If the images was given, not the experiment, the image will be given, but not the rest
... having ACL on parts of the file is definitely an issue

Greg: enforcement of offline case?
... does this requires the XACML running on the machine?

Ben: yes, need XACML engine on client machine, PEP

Andreas: sticky policy, policy becomes a kind of license

hal: will be discussed further

=================

Nick Papanikolaou on Towards an Integrated Approach to the Management, Specification and Enforcement of Privacy Policies

-- Hal was asking also about the offline case in previous session and about the access on a part of a file

-- Ben responded that both are needed

Andreas: transfer from US to DE sounds familiar

Tomas: It is worse the other way around

<Mario> other way around is not possible

Nick Papanikolaou == np:

TCB: lawyer and IT don't understand each other, don't want to understand some time
... language has to be clear enough so that lawyers can understand
... translation of OJ, sometimes fine translation, sometimes just plain translation

AM: have you looked into Creative Commons (CC), there is no enforcement (on purpose)?

NP: one person working on contracts, not tech person, several service levels, more controls if you pay more

AM: one CC use would be "for commercial purpose" under the following conditions
... cannot explicitly says commercial

ME == Martin Euchner

ME: legal stuff is fairly difficult to translate into formal lang. need some intermediate step. company policies are closer, can be translated, at what level you find the abstraction?

NP: ACL is very low level (unix, XACML), legal language is very high level, have to find common characteristics, these data can be accessed under following characteristics
... in paper some examples about structures informal, try to turn in more formal

Greg: translation manual

NP: yes

MTB: gap between natural language and formal is huge

HL: TC is very interested in projects. Please contact chair or co-chair
... one of the diagrams, label doesn't match the text
... nature of the level

AM: has someone a GUI for the PAP

NP: that's a goal

HL: figuring what kinds of approaches may work

NP: yes

HL: have to agree what the constructs are

RW: consensus by ambiguity

DC == David Chadwick

DC: agreement on meaning is impossible

TCB: 1000 ambiguity can be burned down to 20 by formal language
... try to reduce ambiguities as much as possible, but don't try to remove all, will fail

Emmanuel Pigout == PG: we need to work from both sides to close that gap

RW: can IT deal with ambiguities

TCB: those are just bugs, we know how to deal with bugs, not easy

HL: several people talked lawyers, but formal language is talking about IT

PG: in Master we are using PSL to close that gap, do verification Mcalculus
... translating the controls that legislations try to put in place

NP: there is an interpretation and we can explore all the options that legal framework gives

HL: everybody agrees that hardest gap is between natural language and formal language
... create some kind of formal model and give that some verification points where you ask back

TCB: you still need some kind of bugzilla to clear the issues

HL: Ben, scientific data provided and share data. Do you have hopes that we can automate

Ben: data is evolving over time, additional prob. Customize policies to data, but haven't arrived there yet, perhaps transformations, what requirements to put on data

HL: prob in ACL is ACL calculus, means what is the comparison between ACL policy of A and ACL policy of B

Greg: scientific data, requirements in Primelife, it also applies to personal data. What are the policy of revealing that you're over 21

RW: scope must be narrow

AM: ACL policy is context dependent
... in US ID is shown for beer, even if you have grey hair
... could have an anon token on paper to go to the bar
... policy for accumulated data by service would be hard, so service should just forget, common criteria

SS: what about selling a token?

HL: information is collected, only known to a small number of people

PS: just need a credential

<dsr> The token needs to be tied to the person, which means that verification could involve collection of personal data, e.g. finger print, iris scan etc.

AM: is there a possiblity if a service is accumulating data about a person, accumulation and policy is an issue

<dsr> or more commonly photos

NP: over 21, you don't do electronically, plastic card "over 21"

HL: how do you prevent from giving it to your buddy

NP: no protection

HL: challenge people to have a different use case than legal age

Raphael: how to enforce policy, conflict, you want to control your data, therefor you must identify to control
... very complex prob, working on it

Greg: there are fancy crypto tools on service so that you don't collect data at all, zero knowledge proof

dsr: verified electronically, if its a human, the human will forget. Avoiding to collect

greg: in US they sweep passport in the bar

HL: they try to detect forgeries

TCB: people take hash from ear picture and have an ear scanner in the night club. Night club would have to invest a lot

DC: centralizing data in one place is a bad idea
... the more decentralized, the better it is.

<dsr> The hash of the ear photo is personally identifying information, and privacy sensitive.

NP: Problem is to keep that up to date

=============================================

<dsr> we break for coffee

Laurent Bussard on Can Access Control be Extended to Deal with Data Handling in Privacy Scenarios?

<dsr> scribe: dsr

<scribe> scribenick: dsr

HL: re XACML as DH aware AC, SAML and XACML don't cover trust statements

LB: is XACML the right language for privacy enhanced access control?

DC: we don't believe that one global language will be practical, but the response is easier to deal with

HL: XACML's use of obligation isn't the same as in LB's presentation.
... upper/lower bound on languages is dependent on semantics of obligations.

LB: for PrimeLife, we are concerned with comparing obligations which isn't covered by XACML.

RW: this could be handled via Semantic Web for declarative statements as basis for matching.
... how does XACML handle tests for comparisons?

The next scheduled talk is cancelled as John Tolbert isn't here at the workshop.

HL gives a brief summary of the Boeing position paper on XACML for Export Control and Intellectual Property Protection

HL: excited about people bring use cases on defining XACML access control attributes.
... we introduced obligations and advice into XACML as part of 3.0

If you don't understand the obligations access should be denied, whilst advice is info to pass to the requester

HL: another new feature is ability to associated attributes with values (?)

We've started work on a profile for obligation families

We have stayed clear of addressing obligation futures

In reference to LP's paper, it seems to me that you need to specify obligation semantics.

LB: we tried to address a useful subset, but to allow for news to be added later

HL: I would be very interested for people to define obligation profiles

RW: one of the use cases is delete my data after 8 weeks, but deletion is triggered by a timer event and isn't an access control operation as such

HL: that is out of scope for the XACML TC

looking forward to DC's presentation tomorrow.

HL: number 1 use case people mention is logging access.
... responding to RW, there is a relationship to XACML attributes.

LB: triggers aren't always caused by access control operations

ML: you could think of this as an operation that is triggered by access control but deferred.

RW: time is important

HL: XACML doesn't constrain obligations in any way.

RA: OSL is a kind of temporal logic that is relevant to this.

I can provide a reference later on

DC: we are looking at putting other languages within XACML using a way to notify the language

RW: how do you address interoperability in that case?

HL: it's an improvement of just putting an identifier in XACML.

DC: lots of call outs that trigger obligations. Receiver will balk if it doesn't understand the embedded language

<accorsi> M. Hilty et al. A Specification Language for Distributed Usage Control <http://www.springerlink.com/content/b18836662071k4j6/>.

AM: if you ask a data base for all attributes of an object, the access control mechanism can test to see if the set of attributes is okay

the obligation is used as a filter to strip out attributes the requester isn't permitted to access

DC: we have a similar solution, but use a 3rd call out to the PDP as a gate

AM: when requesting a map, some parts may need to be blurred out/hidden. There is no mechanism to verify that the filtering has happened correctly

Filtering by obligations is one case, another is filtering by attributes and a third is blurring out or transforming the data before delivery

DC: if something fails, you should get an exception

AM: the output for geographical data may be a binary image and not something the PDP can check.

Is there another way of checking?

RW: we need to be clear on terminology, lawyers and techies using different terms causes confusion

HL: the alternative approach is to treat each entity separately for access control purposes.

But that doesn't scale well for non-discrete resources

RW: think of a shop, which needs a feedback channel why people leave the shop without making a purchase

Is there a feedback channel?

HL: XACML 3.0 does provide a means for listing which policies are relevant
... this doesn't answer AM's question of how to model complex resources.

AM: the server gets an SQL request which needs to be passed through the access control policy.

NP: a lot of scientific applications have many components within large files for which you want to control access to.

HL: AM's case involves continuous data which creates problems.
... would like to hear discussion about how Semantic Web can be used to describe access control policies

RW: CB has worked on this. I am wondering how XACML policies could be annotated.

How could that be exploited by the access control engine?

Where to put the annotation is also a question.

HL: there has been some discussion on RDF in the XACML TC, see our wiki

Some of this is outside the scope of XACML, e.g. on describing relationships between attributes.

But we don't have a lot of SemWeb expertise in the TC and would welcome some help.

RW: e.g. relationship between first and second names of people.

SemWeb is good for managing lots of metadata and performing queries.

RW: many natural language terms in policies can map to the same concept in the ontology

The metadata could help with translating high level descriptions into lower level formal ones.

DC: one of the things we want to see in the SAML profile is the ability to provide dynamic policies

HL: we missed that, but there is a reluctance to re-open things right now.

May be we have been too rigourous...

People trying to apply XACML to webservices are bringing further requirements

There are a lot of implementation choices...

DC: a generic infrastructure works provided you can take advantage of the context

AM: an access request doesn't always have the information needed for access control, and you need to check the result of the data base operation to determine what access control decisions are needed

DC: what about doing something before obligation?

In my talk tomorrow, I will talk about checks before, during and after obligations.

HL: the policy could provide a filter to strip out data that the user shouldn't be shown

DC: we have been experimenting with this for obligations in XACML 2.0

HL: XACML 3.0 obligation families will help with that

RW: the SQL query can be analysed to see which tables/attributes will be involved.

Maybe the metadata could assist with a pre-query check

we break for lunch

some data gathering on restaurant suggestions for this evening

we will make a booking at 6:30pm

and walk straight there from here

http://www.w3.org/2009/policy-ws/papers/Pinsdorf.pdf, Ulrich Pinsdorf (Microsoft), Jan Schallaboeck (ULD), Stuart Short (SAP)

<tlr> Scribe: tlr

-> http://www.w3.org/2009/policy-ws/slides/Short.pdf slides

HL: Please explain legal requirement 1
... are these policies that are sticky to the data
... what is a communicated policy?

SS: Service has given a policy
... when the user wants to use portal and subsequently different service
... wants to ensure that policy that was originally declared is respected

HL: Does user declare to the new service when composition changes?
... what are you trying to do?

SS: Policy is stuck to the data
... data and policy are sent (in this example) to temping agency
... do not want policy to be lost when there is chain of services
...

??: Are you assuming it's just an initial, immutable policy?

SS: It doesn't change.

Ben: : In case of CV, may extract part of CV, so I've now got a new piece of data

SS: requirement to change one's mind after release of data.

??: that's hard, once data is relinquished

RW: if data is gone, there is no legal reason to have notice
... so requirement turns void

DC: My understanding -- if data is given and policy is "delete in a year", and user changes mind -- they can't

RW: they can make up their mind in certain circumstances
... distinction is whether you can get out of a previous contract -- revocation of permission
... if you drill down, it's all common sense

<rigo> (David Chadwick)

MCB: so you're assuming a standardized CV in XML?
... there's a standardized European CV format. ;-)

DC: revocation capability?

SS: not quite

DC: note that universities can revoke certificates
... if use SAML, assume short-term

RW: revocation can occur on behalf of institution or on behalf of data subject

DC: in second case, not revoking qualification, but right to use this

RW: multiple stakeholders in the model
... need to get relations right
... otherwise, get mixed up

<carrasco> http://europass.cedefop.europa.eu/

RW: sometimes better to start from protocol, some times better to start from real-world assmptions

DC: worse in SAML case with masquerade etc

HL: "give the secretary your key or signature" type of scenario

http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf, Hannes Tschofenig, Martin Euchner (Nokia Siemens Networks), Alissa Cooper (Center for Democracy and Technology), Richard Barnes (BBN)

-> http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf paper

-> http://www.w3.org/2009/policy-ws/slides/Euchner.pdf slides

<carrasco> Direct to the CV http://snurl/eu-cv

<rigo> ====================================

IETF GEOPRIV Authorization Policies

<rigo> http://www.w3.org/2009/policy-ws/papers/Tschofenig.pdf

TR: deployment and implementation experience?

ME: don't know

GN: what do you mean by "similar to creative commons"?

ME: concept of license needs to be understood, formalized, defined

GN: would it be specified in the common policy format
... or in English text?

ME: these are ideas; not very specifc; investigation necessary

RW: Do I understand protocol correctly that the device receives request to give geo data out, then policy is attached to geodata, service has to honor the policy

ME: yes

RW: why do they do this?

|: RW, PS: supermarket :|

RW: srsly, do they think the user's conditions will really be accepted?

ME: don't know the geopriv group's motivations

HL: Is the question about tech deployment or legal questions?

RW: consistency with social conventions is critical for deployment
... I'd love to impose my conditions on US immigration!

HL: understanding is that data is delivered, conditions are attached
... idea is that the recipient gets benefit of data only if they accept the condition

RW: they get both -- there's no negotiation, so they honor the conditions -- or not.

HL: absent more elaborate schemes, need to agree in advance that you'll abide by whatever conditions come with the data.

DC: that's the model we're working under in TAS3

RW: doesn't scale

DC: reduce cost of compliance

HL: scope is what's the range of what can be specified
... then you have the detailed conditions together with the data

PS: company to company, can think of conditions being pushed

HL: the other way in which these things get set up is that you have organizations, then everybody agrees to the conditions
...

??: would perfectly agree that there has to be some kind of framework

scribe: but obfuscation and transformation information might be useful

Controlling the unified portrayal of geospatial cross-border maps, Andreas Matheus, Universität der Bundeswehr München

-> http://www.w3.org/2009/policy-ws/papers/Matheus.pdf paper

<dsr> appears to conflate context dependent styling and desire to show more or less data to people across the border

HL: What's the harm of rendering an interior part of Germany in the Dutch style?

AM: Don't take it that seriously.

HL: oh, so it's a motivating example

<dsr> access control attributes corresponding to evaluating geometric functions over geospatial data

<dsr> these attributes are then used for controlling access to that data

<caribou> scribe: carine

<caribou> scribeNick: caribou

Using XACML for access control in Social Networks, Jaime Delgado, Universitat Polit�cnica de Catalunya

-> http://www.w3.org/2009/policy-ws/papers/Carreras.pdf

-> http://www.w3.org/2009/policy-ws/slides/Delgado.pdf slides

HL: doesn't the social wbe server know all that stuff [who i friend of who]?

JD: we need to express new semantics

HL: of policies or attributes?
... the policy does not know the semantics of the attributes foo or bar

JD: yes. But the way you operate on this information is new

??: in terms of validation, XACML does not have the capability of validating credentials

HL: the rules only say "compare this and that"

[point of order: several people talking at the same time, debate deferred to end of session]

<rigo> Jaime: have implementation of a matching from ODRL to XACML and e.g. MPEG21 license to XACML

Helping users to manage the information they disclose to websites, Dave Raggett, W3C

-> http://www.w3.org/2009/policy-ws/papers/Raggett.pdf paper

-> http://www.w3.org/2009/policy-ws/slides/Raggett.pdf slides

Rigo: ODRL was submitted to W3C
... push for it?

[Dave starts]

GN: if you identify at 2 places with the same assertion, it's linkable

DR: privacy policy is what data is collected, what for and how long it will be kept
... privacy assistant that describes the policies to help he user

<carrasco> XML should be more readable for IT people than a legal contract -:)

<tlr> now, let's talk about perl...

RW: you can generate human-readable policies from P3P
... lots of legalese don't say anything but "give us your data"
... we have never played with scenarios like OpenID, intermediaries

DR: lack of technology to implement some Directives
... market is on demand of more and more personal data

TCB: if the site is in the EU, it's easy, if the site is not, it's a problem
... in the cloud

On Frameworks for the Visualization of Privacy Policy Implications, Rafael Accorsi

-> http://www.w3.org/2009/policy-ws/papers/Accorsi.pdf paper

-> http://www.w3.org/2009/policy-ws/slides/Accorsi.pdf slides

HL: the analysis depends on the fact that you know the semantics of what the user is sharing?

RA: no more than 10 datatypes with agreed semantics

LB: you compare policy of the _systems_ and policy of the _user_, what do you mean?

RA: policy of the system is e.g. "I need your birthdate and your address"

LB: and policy of the user would be "I'll let you have this...if ..."

RA: yes

RW: visualize an xacml policy?

HL: seen that in a PhD

RW: insisting that semantics of XACML is needed

DR: in DL

HL: any other questions? Proposal to work on finding directions

Sticky Policies

<rigo> sticky policy: policy information attached to data, a bit like in S/MIME

<rigo> DC: could be like an obligation, whenever data is moved, the subsequent service has to take the obligation to pass the policy information on

<rigo> ...independed PEP that passes on the information on behalf

<rigo> ...reject if a service can't enforce the policy, problem renegate site, "we enforce everything"

<rigo> ...first should be transport the information back and forth

<rigo> ... this is an extension to XACML

GN: do you insist on the sticky policy being signed?

DC: no. It's up to the PEP to package it with the data
... what we want to do next is to define a std protocol, application-independent
... we haven't gone to that yet

GN: the sticky policy is dependent on the data poured in that channel

<rigo> DC: we don't have a correct binding

DC: yes. we haven't reached that detailed spec

<rigo> ...between data and policy

GN: once the channel is set up, you put whatever data you want in it?

DC: yes

RW: scenario with data on HTTP then sent by email then put in a SQL DB. How the policy survives?

DC: you can have a conformant gateway before the SQL DB
... it would store the policy

AM: it's OGC topic18
... a DRM framework, 2 years ago

<rigo> former OpenGIS

AM: Data travelling from one service to another service, it goes into another DB

DC: travels with the policy?

AM: separately
... SAML assertions to protect the policy

<rigo> ME: tls never had sticky policies

<rigo> ...we are talking about higher level policies

HL: you need trust, in downstream parties

<carrasco> http://portal.opengeospatial.org/files/?artifact_id=17802

<dsr> I wonder about web browsers, e.g. use of HTML forms and how the personal data in the form is sent along with a binding to the policy. Personal data may also be sent as part of an HTTP Authorization header, so the binding isn't simple.

DC: if you commit to give in data to someone, you can't unilaterally change the contract afterwards
... there are different scenarios

EP: can't we add the temporal aspect?
... (like cookies)

DC: yes, you can say "for 6 months" but if I change my mind, can I change it back to 3 months

DR: if it's agreed in the policy that you can change

<hlockhar> means of policy expression

<hlockhar> means of transporting and binding policies

<hlockhar> trust of enforcement

<hlockhar> combination with endogenous policies

<hlockhar> revocation?

RW: subsetting policies, you can only get more restrictive
... opposite of the data aggregation in semantic web, where you always add
... temporary aspect because of deletion
... datawarehouses are not intelligent
... sticky policies would make them intelligent

DC: metadata can be attributes, policies

HL: policies are not just metadata, commitment to do something
... are we in a position to implement sticky policies?

TCB: do we have a policy for every URI?

HL: DRM has solved the binding issue 20yrs ago

several voices: no

DC: no it's a trust issue

HL: agreement to standards.
... what's missing?

DC: performance?

HL: what user is going to specify a 1GB policy? :

<dsr> In most cases the policy will be defined by the server, not the user

ME: trust depends on who you are

<dsr> One missing piece is for the policy to indicate the legal jurisdiction

EP: do we have sticky policies smart enough to identify that someone's breaching a rule in some country?

<rigo> ML: internal attributes

<rigo> ...don't want to give them away, some solution the crypto way

<tlr> ScribeNick: tlr

DC: you're talking about the credential validation issue


.

scribe: then you have a policy who are trusted issuers of credentials
... I may be the only trusted issuer for data about my friends
... that's a policy

??: financial criteria would be things you'd want to keep secret

scribe: think about risk management for credit cards

DR: binding agreements betweent wo parties
... data subject and data controller
... agreement can't be reached unless both parties know what it is
... have to disclose what's supposed to be the agreement

RW: absolutely

GN: where does the sticky policy come from?
... I don't like the name of the supermarket problem
... but it's a problem
... have seen both sides
... both policies present and match, or policy imposed?
... Rigo's point is that data controller is often the big guy
... who can then impose rules, option is take it or leave it
... in primelife, made some advances along the lines of "perhaps true, but can at least specify preferences"
... optimize matching procedure
... automate decision whether or not can live with criteria
... automation happening

HL: there have to be mechanisms for policy agreement

GN: sticky policy as match between preferences and policies

<rigo> HL: add mechanism on policy agreement to the list

GN: downstream data controller to follow sticky policy
... downstream controller could propose policy
... sticky policy could be matched against that

RW: several hops

DC: whatever mechanism is developed must be recursive

HL: can spend a lot of time on potential approaches
... nail down what we try to accomplish

RW: some of this was raised by Greg
... experience from past is you say "need policy expression"
... it's more complex than just policy expression
... have always somebody come in with additional information
... ease of extensibility of policy language
... subsequent understanding of policy expression
... one of the biggest issues in this area
... one of my misunderstandings in semweb was
... policy, data, magic happens
... unfortunately, magic doesn't happen

DC: have to assume multiple policy languages
... and integrating them

RW: protocol level

DC: flag policies with language

RW: bites with stickiness?
... Must be able to consume multiple languages -- add to list

??: policy references instead of policies?

HL: "if you want a policy, call me" -- binding to reference, not to policy
... that's neat!

DC: In X.509 put a hash in

DR: not sure we need to assume multiple languages
... but extensibility and matching in presence of extensions

HL: too many languages already -- and yes, they're insufficient in ways we don't know yet

RW: P3P semantics for privacy -- not enough
... in access control, need more than just privacy semantics
... know in baseline policy language how to deal with proliferation

HL: hope change would be independent
... an XACML policy says "XACML" right on top
... would hope that binding, trust arrangement etc be independent of expression language

DR: for matching, need semantics

HL: combining, yes

RW: mustUnderstand
... baseline of what have to understand

HL: out of time
... need for tools
... any last words?

ME: not sure end users need to understand

SS: managing policies -- systems administrator
... user needs to remember
... sys admin might have hundreds or thousands of policies

RW: JRC Policy Editing tool
... very feature rich
... mind numbingly feature rich
... challenge for server is to reduce complexity
... challenge for user is "justice has to be seen to be done"
... can have all the tools of this world -- if people don't get the feeling that privacy happens, it's not worthwhile

ML: : object to "end users don't need tools"

<rigo> ML:

ML: need some tools to specify policies, some tools to visualize how policies affect data

<carrasco> http://sn.im/youth-lux for posterity -:)

<scribe> done

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009/11/17 17:07:22 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.135  of Date: 2009/03/02 03:52:20  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/worth/worse/
Succeeded: s/to/for/
Succeeded: s/he/here/
Succeeded: s/??/Ben:/
Succeeded: s/??/DC/
Succeeded: s/ITEF/IETF/
Succeeded: s/dat/data/
Succeeded: s/Topic: Controlling the unified portrayal of geospatial cross-border maps//
Succeeded: s/several/several people/
Succeeded: s/from MPEG21/e.g. MPEG21 license/
Succeeded: s/other way around would be better/other way around is not possible/
Succeeded: s/assertions/assertion/
Succeeded: s/facts/fact/
Succeeded: s/Hello World//
Succeeded: s/hello rigo//
Succeeded: s/wat/want/
Succeeded: s/ODC/OGC/
Succeeded: s/unliaterally/unilaterally/
Succeeded: s/policies/a policy/
Succeeded: s/side/sides/
Succeeded: s/s//
Succeeded: s/tine/time/
Succeeded: s/??/ML:/
Found ScribeNick: rigo
Found Scribe: dsr
Found ScribeNick: dsr
Found Scribe: tlr
Inferring ScribeNick: tlr
Found Scribe: carine
Found ScribeNick: caribou
Found ScribeNick: tlr
Scribes: dsr, tlr, carine
ScribeNicks: rigo, dsr, tlr, caribou

WARNING: No "Present: ... " found!
Possibly Present: AM Andreas Ben DC DR EP GN Greg Gregory HL JD Jaime LB MCB ME ML MTB Mario MarioL NP PG PS RA RW Raphael Rigo SS TCB TR Tomas accorsi caribou carrasco dsr elenat hal hlockhar mari1 nikos renato samarati scribenick tlr world
You can indicate people for the Present list like this:
        <dbooth> Present: dbooth jonathan mary
        <dbooth> Present+ amy

Agenda: http://www.w3.org/2009/policy-ws/agenda.html
Got date from IRC log name: 17 Nov 2009
Guessing minutes URL: http://www.w3.org/2009/11/17-acas-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]