OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Updated: (SECURITY-15) PE: Add guidance for implementers on clock skew

     [ http://tools.oasis-open.org/issues/browse/SECURITY-15?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor updated SECURITY-15:
---------------------------------

    Proposal: 
Add text to Core, after line 314:
"SAML system entities SHOULD allow for reasonable clock skew between systems when interpreting time instants and enforcing security policies based on them. Tolerances of 3-5 minutes are reasonable defaults, but allowing for configurability is a suggested practice in implementations."

Add text to Core, after line 759:
"As noted in section 1.3.3, relying parties SHOULD allow for reasonable clock skew in the interpretation of both values."

Add text to Core, after line 887:
"As noted in section 1.3.3, relying parties SHOULD allow for reasonable clock skew in the interpretation of both values."

  was:
Add text to Core, after line 314:
"SAML system entities SHOULD allow for reasonable clock skew between systems when interpreting time instants and enforcing security policies based on them. Tolerances of 3-5 minutes are reasonable defaults."

Add text to Core, after line 759:
"As noted in section 1.3.3, relying parties SHOULD allow for reasonable clock skew in the interpretation of both values."

Add text to Core, after line 887:
"As noted in section 1.3.3, relying parties SHOULD allow for reasonable clock skew in the interpretation of both values."



> PE: Add guidance for implementers on clock skew
> -----------------------------------------------
>
>                 Key: SECURITY-15
>                 URL: http://tools.oasis-open.org/issues/browse/SECURITY-15
>             Project: OASIS Security Services (SAML) TC
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: Version 2.0
>            Reporter: Scott Cantor
>            Priority: Minor
>             Fix For: 2.0 incorporating Approved Errata
>
>
> Some implementers are not clear on how to deal with clock skew issues when interpreting security-sensitive time values such as NotBefore or NotOnOrAfter attributes. We've been asked to include suggestions and guidance on this.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]