Subject: RE: [xacml] PDP Issuers re: REST Profile working draft 05
I would state it as “per TCP/IP session”. But I agree. I am not sure managing a session pool is simpler, but your proposal will work.

Hal

From: Danny Thorpe [mailto:Danny.Thorpe@quest.com]

>> State that when <XACMLAuthzDecisionQuery> is used, requests and responses can be correlated using Request Id and InResponseTo. State that when <Request> is used the PEP must not send a request until the response from a previous response has been received.

Can we constrain this to “within the same network connection”? If a client makes multiple connections to the PDP server and issues one request per connection, there should be no ambiguity on the server of which response goes with which request because processing of each request should be handled within the context of the connection. And there should be no ambiguity on the client because it is issuing only one request per connection, and the response comes back on the same connection the request was issued on. Right?

-Danny

Danny Thorpe
Product Architect | Quest Software - Now including the people and products of BiTKOO | www.quest.com

From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Hal Lockhart

I will comment on the PDP issues here and the PAP issues separately.

My two original comments have not been addressed.

Use of <Request> element vs. the <XACMLAuthzDecisionQuery> element.

Request/response correlation.

I propose the following solutions.

State explicitly that the XACML request type can include either <Request> for XACML core or <XACMLAuthzDecisionQuery> from the SAML Profile. Include normative references to each and state that the processing and response must be as specified in the respective specification.

State that when <Request> is used, the additional functionality is not available.

State that when <XACMLAuthzDecisionQuery> is used, requests and responses can be correlated using Request Id and InResponseTo.

State that when <Request> is used the PEP must not send a request until the response from a previous response has been received.

Hal

From: Remon Sinnema [mailto:remon.sinnema@emc.com]

Submitter's message