[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] the "NotOnOrAfter" issue
Bob, RL 'Bob' Morgan wrote: > > On Mon, 28 Jan 2002, Stephen Farrell wrote: > > > However, I should point out that I think this isn't the worst thing > > about the handling of time in the -25 spec: the lack of direction on > > timezones, fractional seconds and comparisons is IMO *much* worse. > > Can you suggest some improved text on these points? Fair enough, how about: s/NotOnOrAfter/NotAfter/ and then apply the same rules as are used for X.509, that is: - MUST be 4 character years - all times in UTC (i.e. no local times, no daylight savings) - mandatory one-second resolution (e.g. MUST include '00' seconds if necessary) I think that's all you need, *if* the one-second resolution is ok - does SAML require finer time granularity for any assertions? Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC