Subject: The meaning of PDP
Obviously the term Policy Decision Point is ambiguous on its own since policy decisions can be made about lots of aspects of security and lots of things that have nothing to do with security. The meaning of this term in the context of this TC was debated some time ago in the rqmts group. As a part of that activity I did a search and came to the conclusion that the vast majority of the current uses of PDP had something to do with access control. Not all were explicitly related to security, per se. For example, many had to do with network QoS or the like. Nevertheless, this is something that people want to make available selectively (to paying customers) so it can be viewed as a security concern.

After a torturous 2 hr. concall, the rqmnts group decided that PDP should mean Authorization PDP. Now I may or may not like this definition, but I don't want to revisit it.

As indicated in the producer/consumer diagram, the Authentication Authority, Attribute Authority, Session Authority and PDP can all have policy stores which modulate their behavior. Yet by agreement, only one of them is called a PDP.

If there are additional components required in SAML, let us add them, but that is another subject...

Hal