[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Validating XACML policies and requests against XSD
Hi Oleg. > I think I understand your point, but I can't agree with it because I'm looking at the problem from security and interop point of view while you are trying to address performance issues. Respectfully, I don't think you quite understood my point. As a *library* author, I don't know how people will use the code I write. So in the specific case of SunXACML, I don't have anything enforcing a schema check or other validation routine. This said, any production system should of course ensure that all policies are valid; the question is how this is done. There are may projects where people have built code around the SunXACML library to provide an application or service of some kind. These auto-generate correct policies, or schema-validate policies, or otherwise verify that the input to SunXACML is correct. To provide an invalid policy would be a bug. I don't know what this "Dangerous mode" is that you talked about, but any application that accepts invalid input in running environments and still tries to work with that input is certainly dangerous, and clearly a security risk. To be clear, I am not thinking about this or any other project I work on as performance instead of security or interoperability. I have worked on many standards, and have spent years doing deep security research because these are areas that I believe are critical to building good systems. I also understand the reality of enterprise systems, and know that good library code needs to be flexible. One other note.. > Doing validation somewhere else won't improve the overall authorization system performance - you still need to do it and it will require time that will be added to the total system's response time. You're thinking about this the wrong way around. I'm not trying to force people to do validation somewhere else, I'm assuming that (as is the case in many systems I've looked at) validation may already be happening somewhere else. In that case, forcing validation to happen again is certainly a performance hit that isn't needed. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]