Re: [xacml] RE: Context Handler

[Erik Rissanen <erik@axiomatics.com>]

Hi Ray,

What would be the concrete change you would like to make in this case? 
Could you make a proposal? Also, could you handle it by the PIPs, rather 
than introducing an entirely new component like the REP?

Best regards,
Erik

On 2011-12-19 17:41, remon.sinnema@emc.com wrote:
> Erik,
>
>
> > -----Original Message-----
> > From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On
> > Behalf Of Erik Rissanen
> > Sent: Monday, December 19, 2011 4:48 PM
> > To: Sinnema, Remon
> > Cc: xacml@lists.oasis-open.org
> > Subject: Re: [xacml] RE: Context Handler
> >
> > Ray,
> >
> > This is easy to control through the context handler setup/config. A
> > context handler which is configured to always invoke a particular PIP
> > is
> > equivalent to deploying a "REP".
> >
> > The XACML architecture is intended to be an abstract view of the big
> > picture and applicable to many diverse environments, so it
> > intentionally
> > leaves out many details. Making it more detailed would clutter the
> > architecture or make it less generally applicable. There are so many
> > things it could cover, like caching, pre-fetching, communication
> > protocols, when to invoke which PIP, etc. I prefer to keep it simple in
> > the spec.
> I agree 100% that the spec should not prescribe (or even mention) any implementation details like caching.
>
> However, I don't think that whether a PIP can only retrieve values for missing attributes or can also do other things is an implementation detail. If I'm relying on the PDP to call my PIP, but it doesn't, then my solution doesn't work. Thus this issue is a matter of importance for interoperability and as such I feel that the spec should address it.
>
>
> Thanks,
> Ray