[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.
Argyn, yes u r right in this respect, but what if , we hve a number of web service operations and we want that if permission to one of the operation is granted, the user is not needed to be authoirzed again for some other operation , i agree with u that this kind of funcitionality is not possible with the current version of XACML am i right ?? if not , correct me plz Muhammad. ----- Original Message ----- From: "Kuketayev, Argyn (Contractor)" <argyn_kuketayev@fanniemae.com> To: <xacml-dev@lists.oasis-open.org> Sent: Wednesday, March 16, 2005 9:27 PM Subject: RE: [xacml-dev] [basic question] PEP recognizing authorized user. > -----Original Message----- > From: Uday Subbarayan [mailto:uday.subbarayan@gmail.com] > Sent: Wednesday, March 16, 2005 2:03 PM > To: xacml-dev@lists.oasis-open.org > Subject: [xacml-dev] [basic question] PEP recognizing authorized user. > > > I have a basic question regarding how PEP can recognize the already > authorized user to access the resource. > > Let's say that I have a webservice client, a PEP implemented > using XACML > technology and it protects a webservice. First time, PEP can > intercept & > sends a XACML request to the PDP and gets the response back & permits > the access to webservice. > > 2nd time, when the same user performs the same action on the > webservice, > this time PEP should recognize previous step and should just > forward to > webservice. > (it should NOT again make a XACML request to PDP). Why? What if policy changed since your last request? I don't think that caching strategies are covered by XACML standard. Thanks, Argyn
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]