Subject: Re: [xacml-dev] [basic question] PEP recognizing authorized user.
Bill,

Let me make it a little bit clear.

[1] PEP maintains a session for 30 mins.
[2] Let's say a user (User-A) performs an action (Action-A) on a resource (WS-A).
[3] PEP intercepts this request and makes a XACML request to PDP. Let's say the response back from PDP is 'permit'.
[4] After 10 mins, User-A again performs Action-A on WS-A.

Here, I understood from your response that whether PEP again should make a request to PDP or cache the previous result is implementation based, right?

Thanks,
Uday.

Bill Parducci wrote:

> Uday Subbarayan wrote:
>
>> 2nd time, when the same user performs the same action on the
>> webservice, this time PEP should recognize previous step and should
>> just forward to webservice.
>> (it should NOT again make a XACML request to PDP).
>
> i am not comfortable with the assertion that a PEP should not
> re-request authorization. there are instances where this is desirable,
> particularly since 'previous step' can mean many things.
>
> to date PEP state has not been considered so caching/TTL issues have
> largely been considered implementation based. ask a question, get an
> answer. that said, one guess that one could ask the question, 'can
> subject access resource for 5 minutes?'
>
> b

--
*****************************************************************
Uday Subbarayan
I don't blog but e-write: http://uds-web.blogspot.com
*****************************************************************
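
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any XACML implementation: a PEP that reuses a 'Permit' for a bounded time, run against the User-A / Action-A / WS-A scenario. `CachingPEP`, `StubPDP`, `run_scenario` and the 300-second TTL are hypothetical names and values chosen for illustration; the TTL is enforced by the PEP itself and is an assumption, not a XACML feature.

```python
import time

class CachingPEP:
    """PEP that reuses a PDP 'Permit' for at most ttl seconds (hypothetical design)."""
    def __init__(self, pdp, ttl, clock=time.monotonic):
        self._pdp = pdp        # callable(subject, action, resource) -> decision string
        self._ttl = ttl        # seconds a Permit may be reused; 0 disables caching
        self._clock = clock
        self._expiry = {}      # (subject, action, resource) -> time the Permit expires

    def authorize(self, subject, action, resource):
        key = (subject, action, resource)
        now = self._clock()
        expiry = self._expiry.get(key)
        if expiry is not None and now < expiry:
            return True        # fresh cached Permit: the PDP is not asked again
        self._expiry.pop(key, None)
        decision = self._pdp(subject, action, resource)
        if decision == "Permit":
            self._expiry[key] = now + self._ttl
            return True
        return False           # Deny, NotApplicable, Indeterminate: refuse, never cache

class StubPDP:
    """Constructed stand-in for a PDP that counts how often it is asked."""
    def __init__(self):
        self.permitted = {("User-A", "Action-A", "WS-A")}
        self.calls = 0

    def __call__(self, subject, action, resource):
        self.calls += 1
        return "Permit" if (subject, action, resource) in self.permitted else "Deny"

def run_scenario(ttl=300):
    """Return (allowed, total PDP calls) at t = 0, 2, 4 and 10 minutes."""
    now = [0.0]                        # fake clock so the run is deterministic
    pdp = StubPDP()
    pep = CachingPEP(pdp, ttl, clock=lambda: now[0])
    request = ("User-A", "Action-A", "WS-A")
    results = []
    for t, revoke in [(0, False), (120, False), (240, True), (600, False)]:
        now[0] = t
        if revoke:
            pdp.permitted.clear()      # policy changes at the PDP mid-session
        results.append((pep.authorize(*request), pdp.calls))
    return results

if __name__ == "__main__":
    print("ttl=300:", run_scenario(300))
    print("ttl=0:  ", run_scenario(0))
```

With a 300-second TTL the request at 4 minutes is still allowed from the cache after the policy was revoked, and the change is only seen at 10 minutes; with a TTL of 0 the PEP asks the PDP every time and sees the revocation immediately.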