[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] remote PDP
On Fri, 2004-10-08 at 14:03, Bill Parducci wrote:
> > I guess my point is that there must be a reason why the policy is hidden
> > from the application. In many cases, this happens because the conditions
> > of the policy are supposed to be secret, known only to those who write
> > the policies. However, if an application is queried for all key
> > attributes that are needed by the policy, then the application can form
> > some information about what the policy says based on which attributes
> > are used for which requests. Does this matter to everyone? Definitely
> > not. But, if you're worried about the secrecy of the policies, it may be
> > a concern.
>
> I guess I can't think of a situation where you would hide your policies
> from 'applications'. What applications, the PEP? What else would talk to
> a PDP? So if the answer is nothing, then the problem becomes how to deal
> with untrustworthy (or variable trustworthiness) PEPs? The only way you
> could handle that that I can think of is to put a 'trustworthy' PEP
> between your 'remote' PEPs and the (central) PDP so as to filter requests.

Well, my comments are based on the original use case. I asked about securing
the policies but making them available to PDPs embedded in the applications,
and was told that the applications (i.e., the PEPs) are not allowed to see
the policies. They are kept completely secret, available only to the author
and the evaluating PDP.

I also can't think of too many situations where you care about hiding
policies from select applications, especially when those applications are
trusted to supply attributes used in the decision process. Apparently,
however, this case has that property. Given that, I think I'd need to know
more about the trust model to understand how to protect things correctly.

At the end of the evaluation, the PEP is controlling access to data, so if
it wants to game the system it seems to me that it's the app's loss :)

seth
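The leak Seth describes above (a PEP that supplies attributes on demand can reconstruct the shape of a policy it is never shown) is easy to see in a small simulation. The following is an added example written for this page; it is not XACML code and not from any of the list members. The policy, the attribute names, the subjects and the first-applicable combining rule are all constructed for the illustration. It contrasts a PDP that pulls attributes lazily with short-circuit evaluation against one that requests the policy's full attribute set for every decision, and records what the PEP observes in each case.

```python
"""
Simulated PDP/PEP attribute exchange (constructed example, not XACML code).

Two evaluation strategies over the same secret policy:
  - evaluate_lazy: ask the PEP for an attribute only when a condition needs it,
    stop at the first failing condition. The set of attributes requested varies
    per subject and mirrors the policy's structure.
  - evaluate_prefetch: request every attribute the policy can reference, in a
    fixed order, before evaluating. The PEP sees the same request every time.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    effect: str        # "Permit" or "Deny"
    conditions: tuple  # ((attribute, required_value), ...), checked in order


# Constructed secret policy, first-applicable combining: the first rule whose
# conditions all match decides; a rule with no conditions always matches.
SECRET_POLICY = (
    Rule("Permit", (("role", "admin"),)),
    Rule("Permit", (("department", "finance"), ("clearance", "high"))),
    Rule("Deny", ()),
)


class PEP:
    """Attribute source for one request; records which attributes the PDP asked for."""

    def __init__(self, attributes):
        self._attributes = dict(attributes)
        self.requested = []

    def get(self, name):
        self.requested.append(name)
        return self._attributes.get(name)


def evaluate_lazy(policy, pep):
    """Fetch attributes on demand; all() stops at the first mismatching condition."""
    for rule in policy:
        if all(pep.get(attr) == value for attr, value in rule.conditions):
            return rule.effect
    return "NotApplicable"


def policy_attributes(policy):
    """Every attribute the policy can ever reference, in a fixed (sorted) order."""
    return tuple(sorted({attr for rule in policy for attr, _ in rule.conditions}))


def evaluate_prefetch(policy, pep):
    """Request the full attribute set up front, then evaluate against that context."""
    context = {attr: pep.get(attr) for attr in policy_attributes(policy)}
    for rule in policy:
        if all(context[attr] == value for attr, value in rule.conditions):
            return rule.effect
    return "NotApplicable"


def observe(policy, evaluator, subjects):
    """Run each subject through the PDP; return {subject: (decision, attrs_requested)}."""
    log = {}
    for name, attributes in subjects.items():
        pep = PEP(attributes)
        decision = evaluator(policy, pep)
        log[name] = (decision, tuple(pep.requested))
    return log


# Constructed subjects; attribute values chosen to exercise each rule and each short-circuit.
SUBJECTS = {
    "alice": {"role": "admin", "department": "it", "clearance": "low"},
    "bob": {"role": "user", "department": "finance", "clearance": "high"},
    "carol": {"role": "user", "department": "finance", "clearance": "low"},
    "dave": {"role": "user", "department": "sales", "clearance": "high"},
}


def lazy_request_sets(policy=SECRET_POLICY, subjects=SUBJECTS):
    """What the PEP learns under lazy evaluation: a different request set per subject."""
    return {k: v[1] for k, v in observe(policy, evaluate_lazy, subjects).items()}


def prefetch_request_sets(policy=SECRET_POLICY, subjects=SUBJECTS):
    """What the PEP learns under prefetch: the identical request set for every subject."""
    return {k: v[1] for k, v in observe(policy, evaluate_prefetch, subjects).items()}


if __name__ == "__main__":
    for label, fn in (("lazy", evaluate_lazy), ("prefetch", evaluate_prefetch)):
        print(f"--- {label} evaluation ---")
        for subject, (decision, requested) in observe(SECRET_POLICY, fn, SUBJECTS).items():
            print(f"{subject:6} {decision:14} asked for: {requested}")
```

Under lazy evaluation the PEP sees that alice was permitted after a single question about `role`, that dave was refused after `department` without `clearance` ever being asked, and that bob and carol needed all three: enough to infer that a `role` check sits first, that `department` is tested before `clearance`, and that both must pass. Under prefetch every request is the same triple, so the request pattern says nothing about the conditions; the decision itself still leaks, and, as Seth notes, a PEP that is in the data path can misuse the decision anyway, so this only addresses the attribute-request side channel, not the PEP's trustworthiness.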