OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] request's attribute assertion lifetime?


Daniel Engovatov wrote:
>...
>>Except that I can not incorporate the validity time check for the
>>assertions that are used in the evaluation as their validity is only 
>>compared to the current time before the PDP gets its hand on it.
> 
> 
> PDP evaluation would be valid against whatever dataset you provided.
> You can validate this dataset prior, or after evaluation, or during
> enforcement, or after enforcement, or when federal agents come knocking
> on your door, or on Mondays, or never.   It is a forever fixed
> collection of values; one of them is "current-time".

Could you please show me how I could get the validity time interval of an 
attribute assertion, like SAML, into the request context, tied to the associated 
request's attribute?
(just simple time interval, no conditions, this is about the certificate 
lifetime...)

Thanks, Frank.


-- 
Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]