Let me be clear that as with many things that should be left to professionals, I go to security folks when I want to know things to worry about with respect to security.
With that caveat, I quickly read through the OGF attachments Joe sent and now I'm wondering where WS Security fits in. I'd really like to see a picture or some sample < > that shows all these pieces interacting and the rationale for why there are so many pieces.
Ken

On Dec 8, 2006, at 2:11 PM, Duane Nickull wrote:

Ken:

It doesn’t relate to PDP’s and PEP’s directly. It is a model for establishing a zone of trust for authentication. Most PDP’s are based on authentication. Authentication might not be possible locally on a specific machine and authentication has to be handed over somewhere else. That places an emphasis on trusting that all aspects of the authentication can be trusted. One breach (root access on an LDAP server), can break the whole system. Whether or not to trust other zones is important for PEP’s. If trust cannot be established, I suspect consequences must happen.

D

On 12/8/06 11:06 AM, "Ken Laskey" <klaskey@mitre.org> wrote:

PDP and PEP ala XACML

--
**********************************************************
Sr. Technical Evangelist - Adobe Systems, Inc. *
Chair - OASIS SOA Reference Model Technical Committee *
Blog: http://technoracle.blogspot.com *
Music: http://www.mix2r.com/audio/by/artist/duane_nickull*
**********************************************************
------------------------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305     phone: 703-983-7934
7515 Colshire Drive             fax: 703-983-1379
McLean VA 22102-7508