[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Validating XACML policies and requests against XSD
Hi, I also wonder why sunxacml implementation does not support xml schema with naming space in xacml policies. Best Regard hao --- On Tue, 1/13/09, Oleg Gryb <oleg_gryb@yahoo.com> wrote: > From: Oleg Gryb <oleg_gryb@yahoo.com> > Subject: [xacml-users] Validating XACML policies and requests against XSD > To: xacml-users@lists.oasis-open.org, xacml-comments@lists.oasis-open.org > Date: Tuesday, January 13, 2009, 11:39 AM > I've noticed lately that some commercial and open source > PDP engines do not validate requests and policies against > XSD that is a part of XACML specification. I could see two > problems related to that: > > 1. Each and every security auditor would say that absence > of input data validation is a security breach in waiting. > It's true even for 'regular' business > applications. In the case of authorization systems this fact > should be given even a bigger attention considering > criticality of these systems. > > 2. It affects PDP's interoperability. Example that Hao > has provided makes me thing that sunxacml disregards > namespaces, it means that it won't be interoperable with > any PDP engine that does the validation against XSD. Seth, > please let me know if my observation is not correct. > > I think it should be clearly stated in the XACML > specification that if a request or policy is not compliant > with XSDs the process of evaluation should not even start > and all invalid requests and policies should be rejected by > PDP. > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > xacml-users-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: > xacml-users-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]