xacml-dev message

Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.

From: Bill Parducci <bparducci@gluecode.com>
To: xacml-dev@lists.oasis-open.org
Date: Wed, 16 Mar 2005 12:57:07 -0800

Uday Subbarayan wrote:
> 2nd time, when the same user performs the same action on the webservice, 
> this time PEP should recognize previous step and should just forward to 
> webservice.
> (it should NOT again make a XACML request to PDP).

i am not comfortable with the assertion that a PEP should not re-request 
authorization. there are instances where this is desirable, particularly 
since 'previous step' can mean many things.

to date PEP state has not been considered so caching/TTL issues have 
largely been considered implementation based. ask a question, get an 
answer. that said, one guess that one could ask the question, 'can 
subject access resource for 5 minutes?'

b

Follow-Ups:
- Re: [xacml-dev] [basic question] PEP recognizing authorized user.
  - From: Prakash Yamuna <techpy@gmail.com>
- Re: [xacml-dev] [basic question] PEP recognizing authorized user.
  - From: Uday Subbarayan <uday.subbarayan@gmail.com>

References:
- [basic question] PEP recognizing authorized user.
  - From: Uday Subbarayan <uday.subbarayan@gmail.com>