[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Attribute validation
Anil, If the PEP sends incorrect attributes to the PDP, then it's the problem of the PEP itself. The PDP does not care, and should not. Regards, Erik Anil Tappetla (atappetl) wrote: > Assuming the PEP uses digital signatures in SAML wrapped XACML (or for > that matter SSL) as a means to authenticate with the PDP and to > protect the integrity of the request, would it ever be a possible case > where the attributes in the request have not been validated as > legitimate by the PEP ? The signature only establishes the > authenticity and integrity, but the requestor makes no claims about > the validity of the attributes. In such cases, should not the PDP make > these validations in order to circumvent a possible security attack ? > > Regards, > Anil
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]