OASIS Mailing List Archives: xacml message

Subject: Re: [xacml] proposed amendment to Polar's resolution of PM-2-05


> because it provides information on what is necessary to make a decision
> for granting access. While this sounds appealing from a programmatic
> perspective, it is a fundamental no-no in a security transaction because
> it provides feedback for 'safecracking'. In other words, it allows a
> nefarious entity to 'query' the system for information leading to
> access.

That of the PDP leaking information is a very good point, and one to be
careful about.
My view is that we should be careful about what the PDP returns, but not
disallow the PDP from returning such information.

For instance, suppose you make an access request and present yourself as
"anonymous" or with no SAML assertion for a given membership, and to get
access you need to log in and provide a membership number.

Now it would be a no-no to have the PDP saying "I can grant you access if
you log in as "JOHN_DOE" and your membership number is "12345"", but it
should be fine for the PDP to come back saying "I need you to log in" or
"give me your membership number".

Not allowing the PDP to have such an outcome would imply that the requests
should come with all the possible statements that may be associated with
the requestor, which may be unacceptable in certain situations. For
instance, you do not want to release your AAA membership number when
doing operations that have nothing to do with AAA.

Can you be assumed to know yourself what you need in order to get
access, and therefore which SAML statements should be provided?

best
-p
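The distinction drawn in the message above, as an added illustration that is not part of the thread: a toy PDP in Python whose "leaky" evaluator echoes the value that would unlock access, beside a "safe" evaluator that names only the attribute ids still missing and lets the PEP go back to the user for them. Only the missing-attribute status identifier is taken from XACML 1.0; the Rule/Response shapes, the `ask_user` callback and the sample values are constructed for this example.

```python
# Toy policy decision point (PDP) contrasting the two kinds of feedback
# discussed in the message. Constructed illustration, not XACML spec code;
# only the missing-attribute status identifier is taken from XACML 1.0.
from dataclasses import dataclass, field

MISSING_ATTRIBUTE = "urn:oasis:names:tc:xacml:1.0:status:missing-attribute"


@dataclass
class Rule:
    """A Permit rule that matches when every required attribute has the given value."""
    required: dict          # attribute id -> value needed for a match


@dataclass
class Response:
    decision: str                                   # Permit / Deny / Indeterminate
    status: str = "ok"
    missing: list = field(default_factory=list)     # what the requester must still supply


def evaluate_leaky(rule: Rule, request: dict) -> Response:
    """The 'safecracking' oracle: tells the caller which value would unlock access."""
    for attr, wanted in rule.required.items():
        if request.get(attr) != wanted:
            return Response("Indeterminate", MISSING_ATTRIBUTE, [f"{attr}={wanted}"])
    return Response("Permit")


def evaluate_safe(rule: Rule, request: dict) -> Response:
    """Names only the attribute ids that are absent ("give me your membership
    number"); a present-but-wrong value is a plain Deny with no hint."""
    absent = [attr for attr in rule.required if attr not in request]
    if absent:
        return Response("Indeterminate", MISSING_ATTRIBUTE, absent)
    if all(request[attr] == wanted for attr, wanted in rule.required.items()):
        return Response("Permit")
    return Response("Deny")


def pep_round_trip(rule: Rule, request: dict, ask_user) -> Response:
    """PEP loop: submit, collect only the attributes the PDP asked for, resubmit.
    ask_user(attr_id) stands in for the login / membership prompt (assumed callback)."""
    request = dict(request)
    for _ in range(len(rule.required) + 1):       # bounded: each pass fills >= 1 attribute
        resp = evaluate_safe(rule, request)
        if resp.status != MISSING_ATTRIBUTE:
            return resp
        for attr in resp.missing:
            request[attr] = ask_user(attr)
    return Response("Deny")
```

The safe response for an anonymous request carries the attribute ids and nothing else, so the requester learns what kind of statement to present, not which value the policy is waiting for.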