Subject: RE: [xacml] Re: env attributes
On Wed, 23 Oct 2002, Anne Anderson - Sun Microsystems wrote:

> Except that I believe we say explicitly that "current-time", etc. is the
> time at the PDP. How is the PEP supposed to know the time at the PDP?
> Maybe we need current-PDP-time, etc. and current-PEP-time, etc. :-)

>The PEP is not supposed to know the time at the PDP. The PEP should fill
>those values with the time relevant to the access decision. The XACML
>writer expects those values to correspond with the time for which the
>access decision applies.

Disagree. For time-based policy, having the time passed in is not always safe. If it is needed - it is easy to do, just add an attribute, but if you are going to have a built-in time it has to be server side for auditing and safety.
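
The position argued in this message, sketched as an added example (not part of the original post and not taken from the XACML specification): a time-window rule is evaluated against the PDP's own clock, while a PEP-supplied "current-time" is treated as untrusted input that is only recorded and compared for auditing. The function name, the 09:00-17:00 UTC window and the 5-minute skew tolerance are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Hypothetical policy: access is permitted only between 09:00 and 17:00 UTC.
WINDOW = (time(9, 0), time(17, 0))
# Assumed tolerance before a PEP/PDP clock disagreement is flagged in the audit.
MAX_SKEW = timedelta(minutes=5)


def decide(request_env, pdp_now):
    """Evaluate the time rule on the PDP clock, never on the PEP's claim.

    request_env: environment attributes sent by the PEP (untrusted).
    pdp_now:     timezone-aware reading of the PDP clock (injected for testing).
    Returns (decision, audit_record).
    """
    audit = {"pdp_time": pdp_now.isoformat(), "flags": []}

    claimed = request_env.get("current-time")
    if claimed is not None:
        # Keep the claim for the audit trail, but do not let it drive the rule.
        audit["pep_claimed_time"] = claimed
        try:
            skew = abs(datetime.fromisoformat(claimed) - pdp_now)
            if skew > MAX_SKEW:
                audit["flags"].append("pep-time-mismatch")
        except (ValueError, TypeError):
            # Malformed, non-string, or timezone-less value from the PEP.
            audit["flags"].append("pep-time-unusable")

    start, end = WINDOW
    server_time = pdp_now.astimezone(timezone.utc).time()
    decision = "Permit" if start <= server_time < end else "Deny"
    audit["decision"] = decision
    return decision, audit


if __name__ == "__main__":
    # Constructed request: the PEP claims 10:00, the PDP clock reads 20:00.
    now = datetime(2002, 10, 23, 20, 0, tzinfo=timezone.utc)
    print(decide({"current-time": "2002-10-23T10:00:00+00:00"}, now))
```
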