OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-dev] [basic question] PEP recognizing authorized user.




> -----Original Message-----
> From: Uday Subbarayan [mailto:uday.subbarayan@gmail.com] 
> Sent: Wednesday, March 16, 2005 2:03 PM
> To: xacml-dev@lists.oasis-open.org
> Subject: [xacml-dev] [basic question] PEP recognizing authorized user.
> 
> 
> I have a basic question regarding how PEP can recognize the already 
> authorized user to access the resource.
> 
> Let's say that I have a webservice client, a PEP implemented 
> using XACML 
> technology and it protects a webservice. First time, PEP can 
> intercept & 
> sends a XACML request to the PDP and gets the response back & permits 
> the access to webservice.
> 
> 2nd time, when the same user performs the same action on the 
> webservice, 
> this time PEP should recognize previous step and should just 
> forward to 
> webservice.
> (it should NOT again make a XACML request to PDP).

Why? What if policy changed since your last request?

I don't think that caching strategies are covered by XACML standard.

Thanks,
Argyn


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]