Subject: Re: [xacml-dev] remote PDP
> I guess my point is that there must be a reason why the policy is hidden
> from the application. In many cases, this happens because the conditions
> of the policy are supposed to be secret, known only to those who write
> the policies. However, if an application is queried for all key
> attributes that are needed by the policy, then the application can form
> some information about what the policy says based on which attributes
> are used for which requests. Does this matter to everyone? Definitely
> not. But, if you're worried about the secrecy of the policies, it may be
> a concern.

i guess i can't think of a situation where you would hide your policies from 'applications'. what applications, the PEP? what else would talk to a PDP?

so if the answer is nothing, then the problem becomes how to deal with untrustworthy (or variable trustworthiness) PEPs? the only way you could handle that that i can think of is to put a 'trustworthy' PEP between your 'remote' PEPs and the (central) PDP so as to filter requests. boy, could that get interesting to manage...! ;o)

b