I am working with a distributed scenario in which I have multiple instances of PEP and PDP. In such a scenario, how will the PDP validate that a XACML request is coming from my trusted PEP?
There can be different ways to trust the PEP. It is not clearly mentioned in the spec, but it is mentioned that you must use SSL and an authentication mechanism (such as Basic/Digest authentication). There is also a SAML-XACML profile that talks about PEP-PDP communication. But I guess the following two simple ways can be used.

Basic authentication with SSL. Each PEP is given a user/password. When the PEP sends a XACML request, the user/pass must be sent in the Basic auth headers. PDPs can verify the user/pass by processing the Basic Auth headers. All PDPs can be connected to the same credential store.

Mutual SSL (two-way SSL). You can implement the PDP to support mutual SSL. Then the PEP must create an SSL session by exchanging certificates. The PEP must have its own certificate (private/public key pair). For the PDP to trust the PEP's certificate, it must be in the PDP's trust store (or at least be signed by a trusted CA). Then the PDP can trust the certificate of the PEP.
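Both options from the answer above, worked through on the PDP side as an added example (this is not code from the answer or from any XACML engine): a shared credential store that every PDP instance can verify Basic credentials against, a check that refuses Basic auth unless the transport is TLS, and a mutual-TLS context that demands a client certificate plus an allow-list step that maps the validated certificate to a known PEP. The PEP account names, passwords, DNS names, the trust-store path parameter and the PBKDF2 parameters are all assumptions; the sample certificate dictionary is constructed to match the shape `ssl.SSLSocket.getpeercert()` returns.

```python
"""PDP-side checks that a XACML request came from a trusted PEP (added example)."""
import base64
import hashlib
import hmac
import secrets
import ssl
from typing import Dict, Optional, Tuple

# --- Option 1: HTTP Basic authentication, only ever over TLS -----------------

ITERATIONS = 200_000  # assumed PBKDF2 work factor


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_credential_store(accounts: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Store shared by all PDP instances: username -> (salt, PBKDF2 hash).
    Hashing means a leaked store does not hand out reusable PEP passwords."""
    store = {}
    for user, password in accounts.items():
        salt = secrets.token_bytes(16)
        store[user] = (salt, _hash_password(password, salt))
    return store


# Constructed PEP accounts (assumed names/passwords, provisioned out of band).
PEP_STORE = make_credential_store({
    "pep-web-01": "correct horse battery staple",
    "pep-api-02": "another long random secret",
})

# Dummy entry so an unknown username costs the same hashing time as a real one.
_DUMMY = (b"\x00" * 16, _hash_password("", b"\x00" * 16))


def basic_header(user: str, password: str) -> Dict[str, str]:
    """What the PEP puts on its request (RFC 7617 encoding)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token, "Content-Type": "application/xacml+xml"}


def authenticate_basic(headers: Dict[str, str], store, transport_is_tls: bool) -> Optional[str]:
    """Return the PEP's username if its Basic credentials verify, else None."""
    if not transport_is_tls:  # Basic auth is cleartext; never accept it off TLS
        return None
    scheme, _, param = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not param:
        return None
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    salt, expected = store.get(user, _DUMMY)
    ok = hmac.compare_digest(_hash_password(password, salt), expected)  # constant-time
    return user if ok and user in store else None


# --- Option 2: mutual TLS (two-way SSL) -------------------------------------

def pdp_server_context(pep_ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """TLS context for a PDP listener that demands a client certificate.
    pep_ca_bundle (assumed path) is the PDP trust store: the PEP certificates
    themselves or the CA that signed them. Without CERT_REQUIRED the handshake
    succeeds with no client cert at all and getpeercert() comes back empty."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if pep_ca_bundle:
        ctx.load_verify_locations(cafile=pep_ca_bundle)
    return ctx


# Assumed allow-list. Chain validation only proves the trusted CA issued the
# cert; this step proves the cert belongs to one of *our* PEPs.
TRUSTED_PEP_NAMES = {"pep-web-01.example.test", "pep-api-02.example.test"}


def trusted_pep_from_cert(peercert, allowed=TRUSTED_PEP_NAMES) -> Optional[str]:
    """Map a validated client cert (shape of SSLSocket.getpeercert()) to a PEP name."""
    if not peercert:  # no cert presented, or the context used CERT_NONE
        return None
    names = {v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"}
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    matches = sorted(names & set(allowed))
    return matches[0] if matches else None


# Constructed peer certificate, as the PDP would see it after a verified handshake.
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "pep-web-01.example.test"),),),
    "subjectAltName": (("DNS", "pep-web-01.example.test"),),
    "issuer": ((("commonName", "Example PEP CA"),),),
}

if __name__ == "__main__":
    hdrs = basic_header("pep-web-01", "correct horse battery staple")
    print(authenticate_basic(hdrs, PEP_STORE, transport_is_tls=True))   # pep-web-01
    print(authenticate_basic(hdrs, PEP_STORE, transport_is_tls=False))  # None
    print(trusted_pep_from_cert(SAMPLE_PEERCERT))                       # pep-web-01.example.test
```

The two checks are independent: a deployment can require both (mutual TLS for transport identity, Basic for an application-level account) or either one. In both cases the trust decision happens before the XACML body is parsed, so an unauthenticated caller never reaches the policy evaluator.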