Re: [xacml-dev] remote PDP

[Argyn <argyn@cox.net>]

On Fri, 08 Oct 2004 14:13:57 -0400, Seth Proctor <Seth.Proctor@Sun.COM>  
wrote:

>
> On Fri, 2004-10-08 at 14:03, Bill Parducci wrote:
>> > I guess my point is that there must be a reason why the policy is  
>> hidden
>> > from the application. In many cases, this happens because the  
>> conditions
>> > of the policy are supposed to be secret, known only to those who write
>> > the policies. However, if an application is queried for all key
>> > attributes that are needed by the policy, then the application can  
>> form
>> > some information about what the policy says based on which attributes
>> > are used for which requests. Does this matter to everyone? Definately
>> > not. But, if you're worried about the secrecy of the policies, it may  
>> be
>> > a concern.
>>
>> i guess i can't think of a situation where you would hide your policies
>> from 'applications'. what applications, the PEP? what else would talk to
>> a PDP? so if the answer is nothing, then the problem becomes how to deal
>> with untrustworthy (or vriable trustworthiness) PEPs? the only way you
>> could handle that that i can think of is to put a 'trustworthy' PEP
>> between your 'remote' PEPs and the (central) PDP so as to filter  
>> requests.
>
> Well, my comments are based on the original use case. I asked about
> securing the policies but making them available to PDPs embedded in the
> applications, and was told that the applications (ie, the PEPs) are not
> allowed to see the policies. They are kept completely secret, available
> only to the author and the evaluating PDP.

Well, I don't have a requirement like that in my current system :)

I started to think about remote PDP. Sort of a service for enterprise  
apps, so they don't maintain their own PDPs. They'd publish their policies  
to a central PDP. I thought that there could be global policies combined  
with local application policies. I thought some of these global policies  
could be "secret". It's not that local PEPs are "untrustworthy", strickly  
speaking.

The analogy is that you are "trustworthy" as a user of your PC. However,  
it dowesn't mean that you know everyone in the company who can get into  
your hard drive. There are all sorts of folks who can do it. You don't  
necessarily know who are they, system admin guys.

That was my line of thought.

Anyway, "secret" policies may be not worth to think about at this moment.  
It seems that it's not possible to build central PDP service without much  
effort. Maybe we only can have centralized policy registry service + PDP  
code library. Applications would download PDP code, and install in their  
classpath. This PDP will retrieve all required global policies + load  
local application specifi policies. It's the simplest I can think of at  
this moment.

thanks,
Argyn


thanks,
Argyn