Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.
Uday Subbarayan wrote:
> 2nd time, when the same user performs the same action on the webservice,
> this time PEP should recognize previous step and should just forward to
> webservice.
> (it should NOT again make a XACML request to PDP).

i am not comfortable with the assertion that a PEP should not re-request authorization. there are instances where this is desirable, particularly since 'previous step' can mean many things.

to date PEP state has not been considered, so caching/TTL issues have largely been considered implementation based. ask a question, get an answer.

that said, one guesses that one could ask the question, 'can subject access resource for 5 minutes?' b
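The caching/TTL trade-off discussed in this message, as an added example that is not part of the original thread: a hypothetical PEP that reuses a PDP decision for a fixed TTL and asks again once it expires. `CachingPEP`, `FakeClock`, `demo` and the sample policy are constructed for illustration and do not come from any XACML implementation.

```python
import time

CACHEABLE = {"Permit", "Deny"}  # never reuse Indeterminate / NotApplicable

class CachingPEP:
    """Hypothetical PEP that reuses a PDP decision for at most ttl seconds."""

    def __init__(self, pdp, ttl=300.0, clock=time.monotonic):
        self.pdp, self.ttl, self.clock = pdp, ttl, clock
        self.cache = {}      # (subject, resource, action) -> (decision, expiry)
        self.pdp_calls = 0

    def permitted(self, subject, resource, action):
        key = (subject, resource, action)
        now = self.clock()
        entry = self.cache.get(key)
        if entry and now < entry[1]:
            return entry[0] == "Permit"      # fresh answer, no PDP round trip
        self.cache.pop(key, None)            # expired or absent
        self.pdp_calls += 1
        try:
            decision = self.pdp(subject, resource, action)
        except Exception:
            decision = "Indeterminate"       # PDP unreachable: fail closed
        if decision in CACHEABLE:
            self.cache[key] = (decision, now + self.ttl)
        return decision == "Permit"

    def revoke(self, subject):
        """Drop every cached decision for a subject, e.g. on a policy change."""
        for key in [k for k in self.cache if k[0] == subject]:
            del self.cache[key]

class FakeClock:
    """Constructed test clock so the TTL can be stepped without sleeping."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now

def demo():
    allowed = {("alice", "orders-ws", "invoke")}   # constructed sample policy
    pdp = lambda s, r, a: "Permit" if (s, r, a) in allowed else "Deny"
    clock = FakeClock()
    pep = CachingPEP(pdp, ttl=300.0, clock=clock)
    req = ("alice", "orders-ws", "invoke")
    results = [pep.permitted(*req), pep.permitted(*req)]  # PDP asked once, then cached
    allowed.clear()                                       # policy changes at the PDP
    clock.now = 299.0
    results.append(pep.permitted(*req))   # stale Permit still served inside the TTL
    clock.now = 301.0
    results.append(pep.permitted(*req))   # TTL expired: PDP asked again, now Deny
    return results, pep.pdp_calls
```

The third result is the cost of skipping the PDP: for up to one TTL the PEP keeps enforcing a decision the PDP would no longer give, unless something calls `revoke`.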