Subject: RE: [xacml] Re: env attributes


On Wed, 23 Oct 2002, Daniel Engovatov wrote:

> ..given request and policy and CONTEXT, which very well may include global
> parameters independent of an individual request..
>
> Also, auditing is best done where the decision is made, not where it is used,
> as auditing may include information not returned to PEP (such as a reason
> for DENY)..

Well, "best" is only an opinion which depends upon the application, and
the auditing that is required for that application. The decision itself
could have been made weeks ago. Actually, when you write the policy, you
have *already* made the decision.

Cheers,
-Polar

> -----Original Message-----
> From: Anne Anderson - Sun Microsystems [mailto:Anne.Anderson@Sun.COM]
> Sent: Wednesday, October 23, 2002 6:00 PM
> To: 'xacml@lists.oasis-open.org'
> Subject: RE: [xacml] Re: env attributes
>
>
> I think most "auditing" will be done by the PEP.  The PEP is the entity
> that must enforce the access decision, and the PDP must trust the PEP
> to supply correct attributes and to do the enforcement.  The PDP is just
> an "evaluation engine": given request and policy, provide decision.
>
> Anne
>
> "Daniel Engovatov" <dengovatov@crosslogix.com> wrote:
> >Date: Wed, 23 Oct 2002 14:14:14 -0700
> >>...which means that policy writers will have to manually compensate for
> >>time (and date) variations. Assuming that you have a PDP in the central
> >>timezone and a PEP on either coast, this presents something of a challenge.
> >>That alone negates any potential 'security' enhancement that may be
> >>provided through increased opportunity for author error.
> >
> >Sure. There is no free lunch - if you want a "live" clock ticking somewhere,
> >you got to be careful (and may want to use GMT time or something...)
> >
> >>As to auditing, if all PDP transactions are timestamped by the PDP as part
> >>of the logging process I don't see this as an impediment to centralized
> >>audits. Any event can be mapped back to the point of request at the time
> >>of audit--a safer model in my mind.
> >
> >Unless you do want a policy tied to a live clock (and many applications do)
> >and you want to connect the decision with the time stamp - so the auditing
> >and decision uses the exact same clock.
> >
> >I agree that it does open the can of worms - but occasionally you need 'em
> >to go fishing..
> >
> >I would also agree to not include "live" clock anywhere at all.  It can be
> >done in an implementation if needed..
> >
> >Daniel.
> >
> >----------------------------------------------------------------
> >To subscribe or unsubscribe from this elist use the subscription
> >manager: <http://lists.oasis-open.org/ob/adm.pl>
>
> Anne
> ------
> Anne Anderson          Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> Burlington, MA         781-442-0928
>
>
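The timezone mismatch argued over above (a PDP in the Central zone, a PEP on the East coast, and the suggestion to use GMT), as an added example that is not from the list thread: a toy PDP evaluates a business-hours rule against the XACML environment current-time attribute, first as a bare zone-less time and then as a zone-aware dateTime normalised into the policy author's zone, and stamps the audit record from the same clock value the decision used. The fixed zone offsets, the 09:00-17:00 window and the request time are constructed assumptions.

```python
from datetime import datetime, time, timezone, timedelta

# Constructed zones: the PDP host sits in US Central, a PEP on the East coast.
# Offsets are fixed here so the example needs no tz database.
CENTRAL = timezone(timedelta(hours=-5), "CDT")
EASTERN = timezone(timedelta(hours=-4), "EDT")

# Policy rule, written by an author thinking in the PDP's (Central) zone:
# permit only between 09:00 and 17:00.
WINDOW_START, WINDOW_END = time(9, 0), time(17, 0)


def evaluate_naive(pep_clock: time) -> str:
    """Zone-less current-time from the PEP, compared as-is (the failure mode)."""
    return "Permit" if WINDOW_START <= pep_clock < WINDOW_END else "Deny"


def evaluate_zoned(current_datetime: datetime, policy_tz: timezone = CENTRAL) -> str:
    """Zone-aware current-dateTime, normalised into the policy author's zone."""
    if current_datetime.tzinfo is None:
        raise ValueError("current-dateTime must carry a zone offset")
    local = current_datetime.astimezone(policy_tz).time()
    return "Permit" if WINDOW_START <= local < WINDOW_END else "Deny"


def decide_with_audit(current_datetime: datetime) -> dict:
    """Decision and audit timestamp derived from the same clock value (UTC)."""
    decision = evaluate_zoned(current_datetime)
    return {
        "decision": decision,
        "evaluated_at": current_datetime.astimezone(timezone.utc).isoformat(),
    }


# Constructed request: 17:30 on the East coast, which is 16:30 Central.
PEP_NOW = datetime(2002, 10, 23, 17, 30, tzinfo=EASTERN)

if __name__ == "__main__":
    print(evaluate_naive(PEP_NOW.time()))  # Deny: bare 17:30 read as Central
    print(evaluate_zoned(PEP_NOW))         # Permit: 16:30 Central
    print(decide_with_audit(PEP_NOW))
```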
