OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [security-services] the "NotOnOrAfter" issue



Bob,

RL 'Bob' Morgan wrote:
> 
> On Mon, 28 Jan 2002, Stephen Farrell wrote:
> 
> > However, I should point out that I think this isn't the worst thing
> > about the handling of time in the -25 spec: the lack of direction on
> > timezones, fractional seconds and comparisons is IMO *much* worse.
> 
> Can you suggest some improved text on these points?

Fair enough, how about:

s/NotOnOrAfter/NotAfter/ and then apply the same rules as are used
for X.509, that is:

- MUST be 4 character years
- all times in UTC (i.e. no local times, no daylight savings)
- mandatory one-second resolution (e.g. MUST include '00' seconds if
  necessary)

I think that's all you need, *if* the one-second resolution is
ok - does SAML require finer time granularity for any assertions?

Stephen.

-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC