[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] Third-party Pre-Fetch of authorization decision
> Seth's answer is probably the way to go. But another way to > address the privacy considerations is to use a PDP that is > local to the PEP (within the same administrative domain or > even within the same application). I think this proposal would have problems scaling to large numbers of accessor specific policies and places additional development requirements on the PEP. I'm also concerned that this type of solution would likely cause some change to distribution of liability for the decisions as the PDP is no longer the sole party making the decisions. In thinking about this response, I also realized that there are factors included in the decision at the PDP that are provided by the resource accessor and these factors are not known or transferred to the PEP. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]