[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] BTG comment
On Mar 21, 2011, at 8:12 AM, Smith, Martin wrote: > [...] Can that attribute be asserted falsely? Sure. But assuming we have audit, then there is probably adequate control of that risk. This is how we plan to handle a whole class of situations where (1) the appropriate “attributes” are difficult or impossible to obtain as facts from sources other than the requestor (e.g., “probable cause” or action “for the purpose of”) and (2) where audit of the action is considered adequate to control the risk of requestor self-assertion. Agreed. The use case--as I understand it--suggests that the PEP be able to operate in the absence of a PDP at any point in the authz process. If so, then "trust" rests ultimately with the PEP no matter what the resolution mechanism is (actions to be verified via audit as pointed out below IMO). As a side note, the TC has always operated under the assumption that the PEP/PDP relationship is trustworthy (the details of ensuring this being outside of the scope of the spec). thanks b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]