

Subject: RE: [xacml] Re: env attributes


I think most "auditing" will be done by the PEP.  The PEP is the entity
that must enforce the access decision, and the PDP must trust the PEP
to supply correct attributes and to do the enforcement.  The PDP is just
an "evaluation engine": given request and policy, provide decision.

Anne

"Daniel Engovatov" <dengovatov@crosslogix.com> wrote:
>Date: Wed, 23 Oct 2002 14:14:14 -0700
>>...which means that policy writers will have to manually compensate for
>>time (and date) variations. assuming that you have a PDP in the central
>>timezone and a PEP on either coast, this presents something of a challenge.
>>that alone negates any potential 'security' enhancement that may be
>>provided through increased opportunity for author error.
>
>Sure. There is no free lunch - if you want a "live" clock ticking somewhere,
>you got to be careful (and may want to use GMT time or something...)
>
>>as to auditing, if all PDP transactions are timestamped by the PDP as part
>>of the logging process i don't see this as an impediment to centralized
>>audits. any event can be mapped back to the point of request at the time of
>>audit--a safer model in my mind.
>
>Unless you do want a policy tied to a live clock (and many applications do)
>and you want to connect the decision with the time stamp - so the auditing
>and decision uses the exact same clock.
>
>I agree that it does open the can of worms - but occasionally you need'em to
>go fishing..
>
>I would also agree to not include "live" clock anywhere at all.  It can be
>done in an implementation if needed..
>
>Daniel.

Anne
------
Anne Anderson          Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
Burlington, MA         781-442-0928
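
The following is an added illustration, not part of the original thread and not XACML syntax: a toy model of the arrangement discussed above, where the PEP supplies the time attribute normalised to UTC, the PDP evaluates only the request and the policy, and the audit record carries the same timestamp the decision used. The policy shape, function names and sample values are all hypothetical.

```python
from datetime import datetime, time, timedelta, timezone

# Hypothetical policy: access permitted 09:00-17:00, stated in UTC.
POLICY = {"start": time(9, 0), "end": time(17, 0)}

def pep_build_request(subject, resource, local_now):
    """PEP: supply the time attribute, normalised to UTC."""
    if local_now.tzinfo is None:
        # A naive timestamp cannot be mapped to a single instant.
        raise ValueError("timestamp must carry a UTC offset")
    return {"subject": subject, "resource": resource,
            "current_time": local_now.astimezone(timezone.utc)}

def pdp_evaluate(request, policy):
    """PDP: pure function of request and policy; reads no clock itself."""
    now = request["current_time"]
    inside = policy["start"] <= now.time() < policy["end"]
    decision = "Permit" if inside else "Deny"
    # The audit record carries the exact timestamp the decision used.
    audit = {"subject": request["subject"], "resource": request["resource"],
             "decision": decision, "evaluated_at": now.isoformat()}
    return decision, audit

def wall_clock_evaluate(local_now, policy):
    """Failure mode: compare the PEP's local wall clock to the policy."""
    inside = policy["start"] <= local_now.time() < policy["end"]
    return "Permit" if inside else "Deny"

if __name__ == "__main__":
    # Constructed sample: a west-coast PEP at 07:30 local time (UTC-7).
    west = datetime(2002, 10, 23, 7, 30, tzinfo=timezone(timedelta(hours=-7)))
    decision, audit = pdp_evaluate(pep_build_request("alice", "report", west), POLICY)
    print(decision, audit["evaluated_at"])
    print(wall_clock_evaluate(west, POLICY))
```
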


