Subject: Re: [xacml] proposed amendment to Polar's resolution of PM-2-05


It is up to the PDP and its configuration to decide whether to return 
such information.

All I am suggesting is that we need to allow for the ability to have the
PDP return a list of information required.  I am not suggesting that the
PDP MUST return such a list.

I think we need to allow for the security concerns of the PEP
as well as the security concerns of the PDP.

Anne

"bill parducci" <bill@parducci.net> wrote:
>Date: Fri, 05 Apr 2002 20:00:01 -0800
>because it provides information on what is necessary to make a decision
>for granting access. while this sounds appealing from a programmatic
>perspective, it is a fundamental no-no in a security transaction because
>it provides feedback for 'safecracking'. in other words, it allows a
>nefarious entity to 'query' the system for information leading to
>access.
>
>b
>
>Anne Anderson - Sun Microsystems wrote:
>> 
>> Bill, could you explain your problem?  Sometimes a PEP does not want to
>> expose to the PDP all possible attribute values, but only those really
>> needed.  By having the PDP supply a list of those attributes required
>> for a decision, the PEP can send only those.  In fact, the PDP could
>> return a structured set of attributes: "I could return a decision if
>> you supply A, B, and C OR D and E."
>> 
>> Another case is to support the Java Policy "getPermissions" API.  In
>> this case, the PEP supplies a partial list of attributes, and gets back
>> a list of Permissions (resource/action pairs) that remain as the only
>> unknown attributes after substituting the supplied attributes into all
>> the Permit rules.  So far, Java Security developers have not indicated
>> any requirements for implementing this API, but it is a potential case.
>>
>
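A toy PDP, added here as an illustration and not code from this thread or from any XACML implementation, that treats disclosure of the required-attribute list as a PDP configuration option, as the message above suggests. The rule sets, the `Response` and `PDPConfig` types and the `missing` field are constructed for the example; the status URI is the XACML missing-attribute status identifier.

```python
from dataclasses import dataclass, field

# XACML status code for a decision that could not be reached because a
# required attribute was absent from the request context.
MISSING_ATTRIBUTE = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute"


@dataclass
class PDPConfig:
    # Deployment choice: whether the PDP may tell a PEP which attributes it
    # still needs. Off by default so a caller cannot probe for the
    # conditions under which access would be granted.
    disclose_missing_attributes: bool = False


@dataclass
class Response:
    decision: str
    status: str = "urn:oasis:names:tc:xacml:1.0:status:ok"
    missing: list = field(default_factory=list)  # constructed field for the example


# Constructed permit rules: each rule is the set of attribute ids it must see.
# Together they encode "A, B and C, OR D and E" from the message above.
PERMIT_RULES = [frozenset({"A", "B", "C"}), frozenset({"D", "E"})]


def evaluate(request_attrs: dict, rules, config: PDPConfig) -> Response:
    """Toy permit-overrides PDP over boolean attributes.

    Permit if every attribute of some rule is present and true. If no rule
    can be decided because attributes are absent, return Indeterminate with
    the missing-attribute status; only when the configuration allows it does
    the response also carry, per rule, the attributes the PEP could supply.
    """
    missing_alternatives = []
    for rule in rules:
        absent = sorted(a for a in rule if a not in request_attrs)
        if not absent:
            if all(request_attrs[a] for a in rule):
                return Response("Permit")
            continue  # rule fully evaluated and not satisfied
        missing_alternatives.append(absent)
    if not missing_alternatives:
        return Response("Deny")
    resp = Response("Indeterminate", MISSING_ATTRIBUTE)
    if config.disclose_missing_attributes:
        resp.missing = missing_alternatives
    return resp
```

With disclosure off, a request supplying only `A` gets a bare Indeterminate/missing-attribute; with it on, the same request learns it could supply `B, C` or `D, E`.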