OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Attribute validation

Anil,

If the PEP sends incorrect attributes to the PDP, then it's the problem 
of the PEP itself. The PDP does not care, and should not.

Regards,
Erik

Anil Tappetla (atappetl) wrote:
> Assuming the PEP uses digital signatures in SAML wrapped XACML (or for 
> that matter SSL) as a means to authenticate with the PDP and to 
> protect the integrity of the request, would it ever be a possible case 
> where the attributes in the request have not been validated as 
> legitimate by the PEP ? The signature only establishes the 
> authenticity and integrity, but the requestor makes no claims about 
> the validity of the attributes. In such cases, should not the PDP make 
> these validations in order to circumvent a possible security attack ?
>  
> Regards,
> Anil

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]