Subject: RE: Question re: XACML PEP
In that demonstration the Boeing CIPHER tool searched and classified the document based on the information it contained (e.g. proprietary markings) and stored an XACML attribute in the properties of the document (e.g. “urn:oasis:names:tc:xacml:3.0:ipc:resource:proprietary” with a value of “true”). A PEP would need to extract that information from the document and send it in an XACML request to a PDP to render a decision based on an XACML policy. I know Nextlabs provides a PEP that can do this. Other XACML product companies may also provide PEPs with this capability too.
Can any of you please tell me how, in our 2012 RSA demonstration of the XACML IP Profile, the Policy Enforcement Point (PEP) was able to read resource metadata to make an access control decision? Was the resource file actually being opened in order to read the metadata? How is the metadata visible to the PEP?
Thanks so much!
Crystal Hayes, CCEP
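
The flow described in the reply above, where a PEP takes the classification property stored with the document and forwards it to the PDP as a resource attribute in an XACML 3.0 request, shown as an added example that is not part of the original thread or of any vendor's PEP. The property dictionary, subject and action values are constructed, and refusing to build a request for an unlabeled or malformed label is an assumption of this example.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
XS = "http://www.w3.org/2001/XMLSchema#"
# Attribute id quoted in the thread; the classifier writes it into the document properties.
PROPRIETARY_ID = "urn:oasis:names:tc:xacml:3.0:ipc:resource:proprietary"


def add_attribute(request, category, attr_id, datatype, value):
    """Append one <Attributes>/<Attribute>/<AttributeValue> group to the request."""
    group = ET.SubElement(request, f"{{{XACML_NS}}}Attributes", Category=category)
    attr = ET.SubElement(group, f"{{{XACML_NS}}}Attribute",
                         AttributeId=attr_id, IncludeInResult="false")
    val = ET.SubElement(attr, f"{{{XACML_NS}}}AttributeValue", DataType=XS + datatype)
    val.text = value


def build_request(subject_id, action_id, doc_properties):
    """Build the XACML request a PEP would send to the PDP for one document.

    doc_properties stands in for whatever the PEP extracted from the file's
    properties (assumption: already parsed into a name -> string mapping).
    """
    label = doc_properties.get(PROPRIETARY_ID)
    if label is None:
        # Fail closed: an unclassified document is not silently treated as public.
        raise ValueError("document carries no proprietary classification property")
    label = label.strip().lower()
    if label not in ("true", "false"):
        raise ValueError(f"classification value is not a boolean: {label!r}")

    ET.register_namespace("", XACML_NS)
    request = ET.Element(f"{{{XACML_NS}}}Request",
                         ReturnPolicyIdList="false", CombinedDecision="false")
    add_attribute(request, SUBJECT_CAT,
                  "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "string", subject_id)
    add_attribute(request, RESOURCE_CAT, PROPRIETARY_ID, "boolean", label)
    add_attribute(request, ACTION_CAT,
                  "urn:oasis:names:tc:xacml:1.0:action:action-id", "string", action_id)
    return ET.tostring(request, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: properties as a PEP might read them from a labeled file.
    sample_properties = {PROPRIETARY_ID: "true", "Author": "example"}
    print(build_request("alice@example.com", "read", sample_properties))
```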