Dear Cyril, Alonso, Thank you very much for your information. If I got correctly, upcoming (modified) OpenStack Keystone will provide such functionality and replace KeyRock IdM at FIWARE Lab. Will it be another FIWARE IdM GEri ? Also please give some hints about my first consideration in the last email: With new architecture, to be sure such attributes can still be extract from token (if the IdM support) but how the PEP Proxy decide which attributes to include in the XACML request (do we need to include all user attributes in the request ?) and when the request contains such domain-specific attributes, how the PDP understand such attributes in order to validate the request without communicate with IdM ? Bests, Tran On 16.02.2015 15:48, Álvaro Alonso wrote: > With new architecture, to be sure such attributes can still be extract > from token (if the IdM support) but how the PEP Proxy decide which > attributes to include in the XACML request (do we need to include all > user attributes in the request ?) and when the request contains such > domain-specific attributes, how the PDP understand such attributes in > order to validate the request without communicate with IdM ?
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy