OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] RE: Context Handler


> -----Original Message-----
> From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On
> Behalf Of Erik Rissanen
> Sent: Monday, December 19, 2011 4:48 PM
> To: Sinnema, Remon
> Cc: xacml@lists.oasis-open.org
> Subject: Re: [xacml] RE: Context Handler
> Ray,
> This is easy to control through the context handler setup/config. A
> context handler which is configured to always invoke a particular PIP
> is
> equivalent to deploying a "REP".
> The XACML architecture is intended to be an abstract view of the big
> picture and applicable to many diverse environments, so it
> intentionally
> leaves out many details. Making it more detailed would clutter the
> architecture or make it less generally applicable. There are so many
> things it could cover, like caching, pre-fetching, communication
> protocols, when to invoke which PIP, etc. I prefer to keep it simple in
> the spec.

I agree 100% that the spec should not prescribe (or even mention) any implementation details like caching.

However, I don't think that whether a PIP can only retrieve values for missing attributes or can also do other things is an implementation detail. If I'm relying on the PDP to call my PIP, but it doesn't, then my solution doesn't work. Thus this issue is a matter of importance for interoperability and as such I feel that the spec should address it.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]