RE: [xacml] another small time/date issue

["Daniel Engovatov" <dengovatov@bea.com>]

Small comment:  probably, not necessarily of the request - just an
attribute in the context.
But then we have the same issue with any other attribute that is part of
the "context" - does it remain static for the duration of evaluation?
I am not sure that we can place a requirement on the information source
to remain static, nor a requirement on PDP to "cache" the data somehow.
I understood that it is the implementation choice how the relevant bits
of data are computed in PIP and retrieved - I remember that we
explicitly left this open...

Daniel;


-----Original Message-----
From: Polar Humenn [mailto:polar@syr.edu] 
Sent: Tuesday, August 12, 2003 9:27 AM
To: Seth Proctor
Cc: xacml@lists.oasis-open.org
Subject: Re: [xacml] another small time/date issue


Hi Seth,

I'm was under the current understanding that there was no such thing as
the "current" time and date, at least in the temporal sense with respect
to the time of evaluation. The time is or at least should be, an
attribute
of the request.

I have argued before, that the current time is NOT the time of
evaluation,
but it is really a question, "at this <specified> time?"  For instance,
one would want to know if George had access to resource X at 13:00 Aug
12,
2000, as well one might want to know if Alice will have access to
resource
Y at 22:13 June 25, 2004. If the time is "now", the request builder
should 
insert the appropriate time.

Your right, if the spec doesn't explicitly call this out, it should.

Cheers,
-Polar




On Mon, 11 Aug 2003, Seth Proctor wrote:

> As I read the spec currently, there is no rule about whether the
current
> time, date, and dateTime must remain constant over the course of an
> evaluation. If these values are provided in the Request, then clearly
> they do remain constant, but if they're coming from some other source
> (and the PDP is required to provide these values from some source),
then
> two PDPs could have different behavior here. I doubt that difference
in
> behavior is likely to ever cause a problem, but it does leave things
> somewhat underspecified.
> 
> Would others find it useful to specify either:
> 
>  1. The current time/date/dateTime must remain constant over the
course
>     of an evalution
> 
>  2. The current time/date/dateTime, if not specified as an attribute
in
>     the Request document, must be generated dynamically with each
>     reference from a policy
> 
> Personally, I'd like to see #1 in the spec, just for clarity, but I'm
> willing to be convinced that this isn't important and/or useful. Just
> trying to get rid of an (albeit small) ambiguity. Thanks.
> 
> 
> seth
> 
> 
> ps  For full disclosure, the open source project I maintain currently
> has the bahavior from #2, but I've just changed it to have the
behavior
> for #1, since I think that's clearer.
> 
> 
> You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro
up.php
> 


You may leave a Technical Committee at any time by visiting
http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro
up.php