OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: external PDP and PolicyIdReference?

I remember having had some discussions in the past, where I brought up 
the requirement of calling out from a PDP to an external PDP, and I 
(even more vaguely) remember that someone tried to explain that you may 
be able to do that through a PolicyIdReference/PolicySetIdReference.

It is clear that you could dynamically fetch a Policy/PolicySet through 
this mechanism by having a some handler resolve the URI and substitute 
the returned Policy statement, but I'm not clear how you could invoke an 
authz decision request to another PDP that would essentially return a 

Are there maybe other ways to achieve this?

Or in order to support that, maybe we need an additional 
"PdpIdReference" URI that would have a different semantics: this would 
"somehow" resolve to an external PDP that would be invoked with the 
identical request context (possibly through a XACMLAuthzDecisionQuery), 
while the Decision of the Response would be substituted in-place for the 
normal Decision of an evaluated Policy?

Thanks, Frank.

Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]