
xacml-dev message


Subject: Re: [xacml-dev] remote PDP

> I guess my point is that there must be a reason why the policy is hidden
> from the application. In many cases, this happens because the conditions
> of the policy are supposed to be secret, known only to those who write
> the policies. However, if an application is queried for all key
> attributes that are needed by the policy, then the application can form
> some information about what the policy says based on which attributes
> are used for which requests. Does this matter to everyone? Definitely
> not. But, if you're worried about the secrecy of the policies, it may be
> a concern.

i guess i can't think of a situation where you would hide your policies 
from 'applications'. what applications, the PEP? what else would talk to 
a PDP? so if the answer is nothing, then the problem becomes how to deal 
with untrustworthy (or variable trustworthiness) PEPs? the only way you 
could handle that that i can think of is to put a 'trustworthy' PEP 
between your 'remote' PEPs and the (central) PDP so as to filter requests.

boy, could that get interesting to manage...! ;o)

