OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] XACML Attribute values locaters

On ons, 2011-04-27 at 13:57 +0500, Security Developer wrote:
> Hi,
> What is the real time use case when XACML PDP has to find the
> attribute values from external sources i.e. LDAP, Database etc.
> Why not authentication system return all the attributes of a subject
> so the XACML PDP do not have to locate the attribute values?
> More explanation about the related topic would be highly appreciated.
> Thanks and Best Regards.

The PEP might not know which attributes are required by the policies
when submitting the request to the PDP, or it might be bad for
performance to retrieve all attributes for each request (since many of
them might not be needed for a specific request).



Ludwig Seitz, PhD
Swedish Institute of Computer Science 
Ideon Science Park
Building Beta 2 3v 
Scheelev├Ągen 17 
SE-223 70 Lund

Phone +46(0)70-349 92 51

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]