Subject: RE: Minutes of 3 April 2001 Security Services TC telecon
Simon Blackwell wrote,

> (BTW, it is my opinion that there are at least two entities in
> a primary PDP, a policy store and a policy interpretation engine.
> If others agree, then we need to decide who should look at this issue
> the SAML group or the XACML group and should the distinction be made
> clear in SAML scope diagram).

The producer/consumer diagram shows that the Authorities and PDP all have policy stores. (A little database cylinder labeled policy.) Since these components act "behind the scenes" and do not directly interact with SAML constructs, I did not consider it desirable to further elaborate these. In my opinion, SAML should treat policy evaluation by any of these entities as a black box.

The IETF (and I presume ISO) model actually calls out a Policy Administration Point (PAP) in addition to the PDP and PEP. This is an entity that can view and modify this policy store. It seemed unnecessary to reflect this concept in the SAML domain model, as no one has proposed SAML include a policy provisioning protocol.

Hal