Direct and Indirect References
- Direct references
-
- Returns a policy
- Server should return HTTP return codes: 200 class, 301, or error code
- Best performance
- Every time policy changes, all direct references must be updated (could be difficult for distributed organizations that reference a central policy from many servers)
- Indirect references
-
- Returns a direct reference or another indirect reference
-
Server should return HTTP return codes 302, 303, 307, or error code
-
Worse performance (at least one extra round trip)
- Policy changes do not require indirect references to be updated
