OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-dev] XACML Attribute values locaters


In addition to Ludwig's comments, it might be the case that the PEP doesn't have access to all the sources of attributes or is not authorized to access the needed sources of attributes.


On Wed, Apr 27, 2011 at 11:15 AM, Ludwig Seitz <ludwig@sics.se> wrote:
On ons, 2011-04-27 at 13:57 +0500, Security Developer wrote:
> Hi,
> What is the real time use case when XACML PDP has to find the
> attribute values from external sources i.e. LDAP, Database etc.
> Why not authentication system return all the attributes of a subject
> so the XACML PDP do not have to locate the attribute values?
> More explanation about the related topic would be highly appreciated.
> Thanks and Best Regards.

The PEP might not know which attributes are required by the policies
when submitting the request to the PDP, or it might be bad for
performance to retrieve all attributes for each request (since many of
them might not be needed for a specific request).



Ludwig Seitz, PhD
Swedish Institute of Computer Science
Ideon Science Park
Building Beta 2 3v
Scheelevägen 17
SE-223 70 Lund

Phone +46(0)70-349 92 51

To unsubscribe, e-mail: xacml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xacml-dev-help@lists.oasis-open.org

David Brossard, M.Eng, SCEA, CSTP
Solutions Architect
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]