1

How does the context handler (in XACML) detect context changes? I know one responsibility of the context handler is to translate the original request into the XACML canonical format, but how does it address context changes?

David Brossard
Mary Dvr

1 Answer

0

The XACML specification states the following about the context handler:

The system entity that converts decision requests in the native request format to the XACML canonical form, coordinates with Policy Information Points to add attribute values to the request context, and converts authorization decisions in the XACML canonical form to the native response format

In practice, the context handler's responsibility is often split between the Policy Enforcement Point (PEP) and the Policy Decision Point (PDP). For instance, the PEP will tackle the conversion from a native request format to a XACML request format and it will also handle the conversion / enforcement of a XACML decision.

The PDP policy evaluation (at least within Axiomatics) handles the PIP invocation when it needs to. The context handler does not.

The architecture diagram / flow diagram in the standard is a bit too overloaded / complicated:

[Figure: Figure 1 - XACML Data-flow diagram]

I typically use this one instead, which highlights the key components only. As you can see, the context handler is not part of the diagram.

[Figure: XACML Flow]

David Brossard
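The two PEP-side conversions described in the answer above, as an added example that is not part of the original answer and not Axiomatics code. The native request shape (a dict with `user`, `path`, `method`), the function names and the deny-biased enforcement rule are assumptions; the category and attribute identifiers are those of the XACML 3.0 core specification.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
# Native field (assumed name) -> (XACML category, attribute id) from the 3.0 core spec.
MAPPING = {
    "user": ("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
             "urn:oasis:names:tc:xacml:1.0:subject:subject-id"),
    "path": ("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
             "urn:oasis:names:tc:xacml:1.0:resource:resource-id"),
    "method": ("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
               "urn:oasis:names:tc:xacml:1.0:action:action-id"),
}

def to_xacml_request(native):
    """Convert a native request (hypothetical dict shape) into an XACML 3.0 <Request>."""
    ET.register_namespace("", NS)
    req = ET.Element(f"{{{NS}}}Request",
                     {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    for field, (category, attr_id) in MAPPING.items():
        attrs = ET.SubElement(req, f"{{{NS}}}Attributes", {"Category": category})
        attr = ET.SubElement(attrs, f"{{{NS}}}Attribute",
                             {"AttributeId": attr_id, "IncludeInResult": "false"})
        val = ET.SubElement(attr, f"{{{NS}}}AttributeValue", {"DataType": STRING})
        # A missing field raises KeyError, so no partial request reaches the PDP.
        val.text = str(native[field])
    return ET.tostring(req, encoding="unicode")

def enforce(response_xml, known_obligations=frozenset()):
    """Deny-biased PEP: allow only on Permit with every obligation understood."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False  # an unreadable response is never treated as a grant
    results = root.findall(f"{{{NS}}}Result")
    if len(results) != 1:
        return False
    decision = (results[0].findtext(f"{{{NS}}}Decision") or "").strip()
    if decision != "Permit":
        return False  # Deny, NotApplicable and Indeterminate all block access
    obligations = results[0].findall(f"{{{NS}}}Obligations/{{{NS}}}Obligation")
    return all(o.get("ObligationId") in known_obligations for o in obligations)
```

Any attribute the PEP does not send (roles, resource owner and so on) is left for the PDP to resolve through its PIPs during policy evaluation, as the answer describes.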