Subject: Third-party Pre-Fetch of authorization decision
I am trying to specify the use of XACML in a situation where the accessing party, knowing that an authorization decision will be needed by a PEP, requests in advance the authorization decision from the PDP and pushes "the decision" with the resource access request to the PEP.

We have a need to do this to cover two situations: a) the PDP may not be visible to the PEP at resource access time and b) there may be privacy considerations about the PDP knowing exactly what is accessed when (so by asking in advance, the PDP doesn't know exactly what is done and when it is done --- yes, fully admit that this is only adding a little murkiness to what the PDP knows).

I've poked about in the XACML specs (but clearly don't claim to "know" them) and don't seem to be able to find this case described or explicitly handled (the specs seem to revolve around the PEP asking the PDP).

Did I miss something or is this use case not considered in scope? If not in scope, any advice on a "good" way to do this (from the XACML point of view)?

Conor