OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.

Uday Subbarayan wrote:
> 2nd time, when the same user performs the same action on the webservice, 
> this time PEP should recognize previous step and should just forward to 
> webservice.
> (it should NOT again make a XACML request to PDP).

i am not comfortable with the assertion that a PEP should not re-request 
authorization. there are instances where this is desirable, particularly 
since 'previous step' can mean many things.

to date PEP state has not been considered so caching/TTL issues have 
largely been considered implementation based. ask a question, get an 
answer. that said, one guess that one could ask the question, 'can 
subject access resource for 5 minutes?'


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]