[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] remote PDP
Seth Proctor wrote: > Oh, ok. Then no, you can't share these with any PDPs. But by retrieving > only the specific attributes you need from an app, you're telling that > application some information about what's in those "secret" policies. > The only way to keep the policy completely secret is to have the app > send all possibly useful attributes up front. Unless you're not really > worried about leaking a little detail (which is true for many people). doesn't this seem like an implementation issue? if the policies evaluate attributes by definition they can't be hidden from the PDP. this does not mean that all policy authors needs to be able to see all policies, nor that policy authors can see the values of the attributes being evaluated. 'secret' policies would seem to me to be policies that are not viewable by all authors. in that situation my thinking is that the policy editing/repository interface be given the responsibility for maintaining security on the policies and that the PEP would send all relevant attributes with the request. the PDP, having 'root-like' access to the policies would evaluate *all* relevant polices and redner its decision. of course, this introduces the situation where someone not on the 'need to know' policy author list might provide access to a resource inadvertently as a result of writing a policy that does not evaluate the entire scope of attributes. in the absence of any sort of author attribute in the policy, me thinks this could be best handled with some sort of overarching policy that includes all sensitive resources with reference to key attributes (at least that is how it reads in the brochure ;o) b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]