[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.
Kuketayev, Argyn (Contractor) wrote: > > >>-----Original Message----- >>From: Uday Subbarayan [mailto:uday.subbarayan@gmail.com] >>Sent: Wednesday, March 16, 2005 2:03 PM >>To: xacml-dev@lists.oasis-open.org >>Subject: [xacml-dev] [basic question] PEP recognizing authorized user. >> >> >>I have a basic question regarding how PEP can recognize the already >>authorized user to access the resource. >> >>Let's say that I have a webservice client, a PEP implemented >>using XACML >>technology and it protects a webservice. First time, PEP can >>intercept & >>sends a XACML request to the PDP and gets the response back & permits >>the access to webservice. >> >>2nd time, when the same user performs the same action on the >>webservice, >>this time PEP should recognize previous step and should just >>forward to >>webservice. >>(it should NOT again make a XACML request to PDP). >> >> > >Why? What if policy changed since your last request? > > IMO: I don't think in a real life situation, policies will change frequently. Accessing PDP for each request is costly and may not work... >I don't think that caching strategies are covered by XACML standard. > > Yes and also not much about PEP. >Thanks, >Argyn > > > -- ***************************************************************** Uday Subbarayan I don't blog but e-write: http://uds-web.blogspot.com *****************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]