OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Problems with XACML and time


Hi Steve,

I'm not yet sure I correctly understand your problem.

You want to check whether the current time is between 9:00 and 17:00 in an arbitrary time zone,
which is not specified in the policy.
Assume that the PDP is in the time zone +14:00, and that the current time is 14:00 in the PDP's time zone.
Then you want to check whether 09:00(+14:00) <= 14:00(+14:00) <= 17:00(+14:00).
Of course, the result should be true.

However, according to the XML-Schema specification, you have to normalize
the three time values. They are normalized to 19:00 <= 00:00 <= 03:00.
It seems to me that you say that the result is false because 19:00 <= 00:00 is false.

Does this summarize your problem?

Satoshi Hada
IBM Tokyo Research Laboratory
mailto:satoshih@jp.ibm.com


Steve Hanna <steve.hanna@sun.com>

2003/07/18 23:23

       
        To:        Satoshi Hada/Japan/IBM@IBMJP
        cc:        xacml@lists.oasis-open.org
        Subject:        Re: [xacml] Problems with XACML and time

       



Satoshi Hada wrote:
> Thank you for the clarification. I don't think I fully
> understand the problem, and I will read your mail more
> carefully next week.
OK, thanks for your careful consideration.
> >> The simplest
> >> way to make this change would be to change the definition of the
> >> XACML time comparison functions to refer to XML Query instead of
> >> XML Schema, as the time-equal function already does.
>
> I like this change.
>
> >> This solution does not solve the problem mentioned in this
> >> paragraph from my original email:
>
> A quick question:
>
> Do you mean even though we make the above change
> we still have the problem (the change does not solve all the
> problems)?
Yes, changing the time comparison functions to refer to XML Query
instead of XML Schema does not solve all the problems in my email.
It solves one of them (the need to specify time zones for all
times). But it doesn't solve the second problem (the problems
that arise when midnight GMT falls during normal business
hours, as it does in many parts of the world). Solving that
problem will require an additional change, such as adding the
time-in-range function.
Thanks again for your help,
Steve Hanna

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]