OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-users] Third-party Pre-Fetch of authorization decision


> Seth's answer is probably the way to go.  But another way to 
> address the privacy considerations is to use a PDP that is 
> local to the PEP (within the same administrative domain or 
> even within the same application). 

I think this proposal would have problems scaling to large
numbers of accessor specific policies and places additional
development requirements on the PEP.  I'm also concerned that
this type of solution would likely cause some change to 
distribution of liability for the decisions as the PDP is
no longer the sole party making the decisions.

In thinking about this response, I also realized that there 
are factors included in the decision at the PDP that are 
provided by the resource accessor and these factors are not
known or transferred to the PEP.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]