[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] proposed amendment to Polar's resolution of PM-2-05
> that of the PDP leaking information is a very good point, and
> one to be
> careful about.
> my view is that we should be careful on what the PDP returns, but not
> disallow the PDP to return such information.
With respect to all of you I disagree. Leaking information about the inputs to policy is not analagous to to leaking information during an authorization for several reasons.
First of all, the parties have been previously authenticated. In most cases, that means that they are authorized users with the capability to take at least some actions. In any event it means we can audit their behavior and track them down if necessary.
But the much more important reason in the context of this debate, is that the PEP MUST be a trusted component! The PEP is responsible for enforcement. If the PEP is subverted, it can ignore what the PDP says and allow any sort of access it likes. It can even refuse to consult the PDP.
I have no objection to the MAY language, for the reason that a low-functionality PDP may not want to implement this feature. But I want to go on record as saying this is NOT a security risk.
Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC