[Fiware-tech-help] Authorize PDP GE

Tran Quang Thanh thanh.quang.tran at fokus.fraunhofer.de
Thu Feb 12 14:41:44 CET 2015


Dear Cyril, all,
Thank you very much for your support and information. I am waiting for 
your configuration file :-)

As far as I understand (correct me if I am wrong), in the upcoming 
access control model, the connection between the Authorized PDP and the IdM (the 
Attribute Finder) has been removed. This makes the IdM and PDP somewhat 
more generic and independent; however, it might raise a new issue, as I 
mention in the following:

As you know, in other domains such as our healthcare domain, one of the 
reasons we are interested in the XACML access control model is its 
flexible capability to create access policies based on many 
attributes. Such policies will use not only XACML standard attributes 
(e.g. subject-id, resource-id, time etc.) but also our domain-specific 
attributes. For example, we have a policy like this:
"Doctor can access medical records of patients from their medical 
center. Other doctors can access patient records in case of emergency".
In such a policy, we adopt two user domain-specific attributes: care 
provider and emergency status.

With the new architecture, such attributes can surely still be extracted 
from the token (if the IdM supports it), but how does the PEP Proxy decide which 
attributes to include in the XACML request (do we need to include all 
user attributes in the request?), and when the request contains such 
domain-specific attributes, how does the PDP understand such attributes in 
order to validate the request without communicating with the IdM?

The same concern about the support of domain-specific attributes applies to the 
only FIWARE IdM, KeyRock GEri. Does it support a flexible mechanism to 
deal with this (e.g. through an API or some configuration)? As far as I 
know, the GCP IdM supports such functionality through an API that allows 
users to create new attributes.

If the GE owner or someone on the list can help, please help us to 
clarify this.
Thank you very much,

Bests,
Tran



On 11.02.2015 17:48, DANGERVILLE Cyril wrote:
>   the PEP
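A worked illustration of the two questions raised above (which attributes the PEP puts into the XACML request, and how a PDP can apply the two-rule healthcare policy using only the request, without calling the IdM), as an added example that is not part of this thread or of any FIWARE component; the AttributeIds under urn:example:healthcare, the token claim names and the PEP claim mapping are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
STRING = "http://www.w3.org/2001/XMLSchema#string"
BOOLEAN = "http://www.w3.org/2001/XMLSchema#boolean"

# Hypothetical PEP configuration: token claim -> (category, AttributeId, datatype).
# Only claims listed here are copied into the request, so the policy vocabulary,
# not the IdM's full user profile, decides what the PDP gets to see.
CLAIM_MAP = {
    "sub": (SUBJECT, "urn:oasis:names:tc:xacml:1.0:subject:subject-id", STRING),
    "role": (SUBJECT, "urn:example:healthcare:subject:role", STRING),
    "care_provider": (SUBJECT, "urn:example:healthcare:subject:care-provider", STRING),
    "emergency": (SUBJECT, "urn:example:healthcare:subject:emergency", BOOLEAN),
}
RECORD_PROVIDER = "urn:example:healthcare:resource:care-provider"  # hypothetical

def build_request(claims, record_provider):
    """PEP side: build a XACML 3.0 <Request> from the token claims plus the
    medical center that owns the requested record (a resource attribute)."""
    req = ET.Element(f"{{{NS}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    holders = {}
    def add(cat, aid, dtype, value):
        holder = holders.setdefault(cat, ET.SubElement(req, f"{{{NS}}}Attributes", Category=cat))
        attr = ET.SubElement(holder, f"{{{NS}}}Attribute", AttributeId=aid, IncludeInResult="false")
        text = str(value).lower() if isinstance(value, bool) else str(value)  # xs:boolean is "true"/"false"
        ET.SubElement(attr, f"{{{NS}}}AttributeValue", DataType=dtype).text = text
    for claim, value in claims.items():
        if claim in CLAIM_MAP:  # unmapped claims (e-mail, phone, ...) are never forwarded
            add(*CLAIM_MAP[claim], value)
    add(RESOURCE, RECORD_PROVIDER, STRING, record_provider)
    return ET.tostring(req, encoding="unicode")

def decide(request_xml):
    """PDP side: the two rules from the mail, evaluated over the request only.
    Doctor from the record's own center -> Permit; any doctor in an emergency -> Permit;
    everything else -> Deny (deny-unless-permit combining)."""
    vals = {}
    for attr in ET.fromstring(request_xml).iter(f"{{{NS}}}Attribute"):
        vals[attr.get("AttributeId")] = attr.find(f"{{{NS}}}AttributeValue").text
    if vals.get("urn:example:healthcare:subject:role") != "doctor":
        return "Deny"
    same_center = vals.get("urn:example:healthcare:subject:care-provider") == vals.get(RECORD_PROVIDER)
    emergency = vals.get("urn:example:healthcare:subject:emergency") == "true"
    return "Permit" if same_center or emergency else "Deny"
```

The PDP here never consults an attribute finder: every value it needs, including the custom ones, arrives inside the request, which is why the PEP's claim mapping has to be derived from the attributes the policy actually references.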


