Subject: RE: [xacml-dev] [basic question] PEP recognizing authorized user.
> -----Original Message----- > From: Uday Subbarayan [mailto:firstname.lastname@example.org] > Sent: Wednesday, March 16, 2005 2:03 PM > To: email@example.com > Subject: [xacml-dev] [basic question] PEP recognizing authorized user. > > > I have a basic question regarding how PEP can recognize the already > authorized user to access the resource. > > Let's say that I have a webservice client, a PEP implemented > using XACML > technology and it protects a webservice. First time, PEP can > intercept & > sends a XACML request to the PDP and gets the response back & permits > the access to webservice. > > 2nd time, when the same user performs the same action on the > webservice, > this time PEP should recognize previous step and should just > forward to > webservice. > (it should NOT again make a XACML request to PDP). Why? What if policy changed since your last request? I don't think that caching strategies are covered by XACML standard. Thanks, Argyn