How to Manage Trust between PEP and PDP

I am working with a distributed scenario in which I have multiple instances of PEP and PDP. In such a scenario, how will the PDP validate that a XACML request is coming from my trusted PEP?

Answers


There can be different ways to trust the PEP. It is not clearly mentioned in the spec, but it is mentioned that you must use SSL and an authentication mechanism (such as Basic/Digest authentication). Also, there is a SAML-XACML profile that talks about PEP-PDP communication. But I guess the following two simple ways can be used.

  1. Basic authentication with SSL. Each PEP is given a user/password. When a PEP sends a XACML request, the user/pass must be sent within Basic auth headers. PDPs can verify the user/pass by processing the Basic auth headers. All PDPs can be connected to the same credential store.

  2. Mutual SSL (two-way SSL). You can implement the PDP to support mutual SSL. Then the PEP must create a SSL session by exchanging certificates. The PEP must have its own certificate (private/public key pair). For the PDP to trust the PEP's certificate, it must be in the PDP's trust store (or at least signed by a trusted CA). Then the PDP can trust the certificate of the PEP.
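The second option, worked through as an added example (not code from the answer or from any XACML product): a PDP endpoint in Go that requires a client certificate and completes the handshake only for PEPs whose certificate is in its trust store, then reads the PEP identity from the verified certificate. The names `pepCert`, `newPDP` and `askPDP`, the self-signed PEP certificates and the "Permit" reply are constructed for the demo, and `httptest` stands in for a real PDP listener.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// pepCert mints a self-signed client cert for one PEP (constructed for the demo; real PEPs use CA-issued certs).
func pepCert(cn string) tls.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// newPDP starts a PDP whose trust store holds the given PEP certs; the TLS handshake rejects every other PEP,
// so by the time the handler runs the peer certificate is verified and its subject names the calling PEP.
func newPDP(trusted ...tls.Certificate) *httptest.Server {
	store := x509.NewCertPool()
	for _, c := range trusted {
		leaf, _ := x509.ParseCertificate(c.Certificate[0])
		store.AddCert(leaf)
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "PEP %s: Permit", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: store}
	srv.StartTLS()
	return srv
}

// askPDP posts an XACML request as the given PEP, trusting only the PDP's own server certificate.
func askPDP(pdp *httptest.Server, pep tls.Certificate) (*http.Response, error) {
	roots := x509.NewCertPool()
	roots.AddCert(pdp.Certificate())
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, Certificates: []tls.Certificate{pep}}}
	return (&http.Client{Transport: tr}).Post(pdp.URL, "application/xacml+xml", nil)
}
```

A PEP whose certificate is not in `ClientCAs` never reaches the handler: the request fails at the TLS layer, which is the behaviour the answer describes for a trust store without a shared CA.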

