MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: external PDP and PolicyIdReference?
I remember having had some discussions in the past, where I brought up
the requirement of calling out from a PDP to an external PDP, and I
(even more vaguely) remember that someone tried to explain that you may
be able to do that through a PolicyIdReference/PolicySetIdReference.
It is clear that you could dynamically fetch a Policy/PolicySet through
this mechanism by having a some handler resolve the URI and substitute
the returned Policy statement, but I'm not clear how you could invoke an
authz decision request to another PDP that would essentially return a
Decision.
Are there maybe other ways to achieve this?
Or in order to support that, maybe we need an additional
"PdpIdReference" URI that would have a different semantics: this would
"somehow" resolve to an external PDP that would be invoked with the
identical request context (possibly through a XACMLAuthzDecisionQuery),
while the Decision of the Response would be substituted in-place for the
normal Decision of an evaluated Policy?
Thanks, Frank.
--
Frank Siebenlist franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]