OASIS eXtensible Access Control Markup Language (XACML) TC


Re: [xacml] proposed amendment to Polar's resolution of PM-2-05


Posted 04-06-2002 15:53

It is up to the PDP and its configuration to decide whether to return such information. All I am suggesting is that we need to allow for the ability to have the PDP return a list of information required. I am not suggesting that the PDP MUST return such a list. I think we need to allow for the security concerns of the PEP as well as the security concerns of the PDP.

Anne

"bill parducci" <bill@parducci.net> wrote:

> Date: Fri, 05 Apr 2002 20:00:01 -0800
>
> because it provides information on what is necessary to make a decision
> for granting access. while this sounds appealing from a programmatic
> perspective, it is a fundamental no-no in a security transaction because
> it provides feedback for 'safecracking'. in other words, it allows a
> nefarious entity to 'query' the system for information leading to
> access.
>
> b
>
> Anne Anderson - Sun Microsystems wrote:
>>
>> Bill, could you explain your problem? Sometimes a PEP does not want to
>> expose to the PDP all possible attribute values, but only those really
>> needed. By having the PDP supply a list of those attributes required
>> for a decision, the PEP can send only those. In fact, the PDP could
>> return a structured set of attributes: "I could return a decision if
>> you supply A, B, and C OR D and E."
>>
>> Another case is to support the Java Policy "getPermissions" API. In
>> this case, the PEP supplies a partial list of attributes, and gets back
>> a list of Permissions (resource/action pairs) that remain as the only
>> unknown attributes after substituting the supplied attributes into all
>> the Permit rules. So far, Java Security developers have not indicated
>> any requirements for implementing this API, but it is a potential case.
>>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: < http://lists.oasis-open.org/ob/adm.pl >
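An added toy model of the behaviour the two messages argue about (example code written for this page, not code from the thread or from any XACML implementation): a PDP whose configuration decides whether an undecidable request gets back the structured "A, B and C OR D and E" list, built so that the list depends only on which attribute ids the PEP sent and never on their values. The `Rule`, `Decision`, `evaluate` and `POLICY` names and the `disclose_missing` flag are assumptions of this example.

```python
from dataclasses import dataclass, field

# Constructed toy model of the proposal under discussion; not XACML code.
# A PDP evaluates Permit rules against whatever attributes the PEP supplied
# and, only when configured to, reports which attribute ids are still needed.

@dataclass(frozen=True)
class Rule:
    """A Permit rule satisfied when every required attribute has its value."""
    name: str
    required: dict  # attribute id -> value that satisfies this rule

@dataclass
class Decision:
    decision: str                                # "Permit" or "Indeterminate"
    missing: list = field(default_factory=list)  # alternatives: lists of ids

def evaluate(rules, request, disclose_missing):
    """Evaluate `request` (attribute id -> value) against `rules`.

    A fully satisfied rule yields Permit. Otherwise the result is
    Indeterminate and, only if the PDP is configured to disclose, it carries
    one alternative per rule that is not yet fully supplied ("A, B and C OR
    D and E"). The alternatives are computed from the ids present in the
    request, never from their values, so the list cannot be used to test
    guessed values (the 'safecracking' concern); what it still reveals is
    policy structure, which is why disclosure is a PDP configuration choice.
    """
    alternatives = []
    for rule in rules:
        missing = sorted(a for a in rule.required if a not in request)
        if not missing:
            if all(request[a] == v for a, v in rule.required.items()):
                return Decision("Permit")
            continue  # fully supplied but not matching: nothing to ask for
        alternatives.append(missing)
    return Decision("Indeterminate", alternatives if disclose_missing else [])

# Constructed sample policy: the "A, B, and C OR D and E" case from the thread.
POLICY = [Rule("abc", {"A": "1", "B": "2", "C": "3"}),
          Rule("de", {"D": "4", "E": "5"})]

if __name__ == "__main__":
    print(evaluate(POLICY, {"A": "1"}, disclose_missing=True))
    print(evaluate(POLICY, {"A": "1"}, disclose_missing=False))
```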