Subject: New Topic: Other miscellaneous concerns
Prateek asked:

> How can we know the kinds of questions a PEP will ask of a PDP?

I am not sure what was intended here. Perhaps this was covered under the discussion of Policy Inputs.

> Ability to bind administrator identity to policy
>Accomplished via trust model between PAP and PR
>Could take the form of TLS/SSL or use of digital signatures
>No real expansion of specifications required here
> Policy repository ensures that only policy originators can edit or delete existing policy

This is correct. However, note that the Administration/Delegation functionality of XACML 3.0 changes this significantly. Some stakeholders envision a considerably more dynamic policy environment where policies may arrive with the request and be applied only for a single decision.

> Administrators should be able to browse and refer to existing policies in new policies
>Ability to reference existing policies available via <xacml:PolicyIdReference> element but processing rules undefined
>May need some profiling to be useful in an interoperable fashion

It is not clear to me that anything is needed here. Clearly a PAP can treat a Policy ID as opaque text. Whether or not Policy ID References are used, the PAP and PDP have to know how to find where policies are stored. Presumably this includes reading and writing by ID. This seems like a straightforward thing to do with, say, a relational database. The same could be defined for LDAP, although many would say policies are too volatile to be stored in LDAP. What do you have in mind here?

Once again, the main thing that is needed is people who are willing to contribute. Use cases would be a good start.

Hal