Xacml Authorization other components (PEP, PIP)

[jainh]

I have two questions as follows:

1. Is it possible to deploy PAP and PDP separately ? also how to restrict PAP access ?
2. Is there any separate repository for PEP and PIP ? How does PDP interacts with PIP engine ?

[AlvaroVega]

About your your first question @raphaelahren asked about the same and probably, but I'm not sure it he did any implmementation.
About second one, what do you meean for PIP?

[jainh]

PIP, I mean PRP used by PDP. Are you using any database for saving policies? Do you use any intermediate domain model for policy or just xacml directly ?

[raphaelahrens]

@AlvaroVega I did changed the code a little so that I can generate two jars for the PAP and one for the PDP. Since I'm not so familiar with the code base, these had been very minor changes. Basically copying the AcService.java to MngrService.java and removing the PAP/PDP parts accordingly.

@jainh As far as I know there is no Policy information Point (PIP) support in keypass and when you look at the XACML standard a PDP doesn't have to. The standard mentions the context handler which is neither a part of the PEP or the PDP. But this is between the communication of the PEP and PDP and is responsible for collecting information from the PIP.