OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

external PDP and PolicyIdReference?

  • 1.  external PDP and PolicyIdReference?

    Posted 04-04-2005 23:05
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: external PDP and PolicyIdReference?


    I remember having had some discussions in the past, where I brought up 
    the requirement of calling out from a PDP to an external PDP, and I 
    (even more vaguely) remember that someone tried to explain that you may 
    be able to do that through a PolicyIdReference/PolicySetIdReference.
    
    It is clear that you could dynamically fetch a Policy/PolicySet through 
    this mechanism by having a some handler resolve the URI and substitute 
    the returned Policy statement, but I'm not clear how you could invoke an 
    authz decision request to another PDP that would essentially return a 
    Decision.
    
    Are there maybe other ways to achieve this?
    
    Or in order to support that, maybe we need an additional 
    "PdpIdReference" URI that would have a different semantics: this would 
    "somehow" resolve to an external PDP that would be invoked with the 
    identical request context (possibly through a XACMLAuthzDecisionQuery), 
    while the Decision of the Response would be substituted in-place for the 
    normal Decision of an evaluated Policy?
    
    Thanks, Frank.
    
    -- 
    Frank Siebenlist               franks@mcs.anl.gov
    The Globus Alliance - Argonne National Laboratory
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]