OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: One more comment on the delegation/administration profile


All,

I just realized that it would be useful to define an attribute 
identifier for the issue instant of a policy, so it would be possible to 
put time constraints on the right to delegate.

For instance, let us say that Alice wants to grant a right for Bob to 
issue policies, but that right should be valid only until the end of 
2009. Currently there is no standard attribute identifier for this purpose.

I propose that we add the following attribute identifier to the 
administration profile:

--8<--
urn:oasis:names:tc:xacml:3.0:delegate:issue-instant

This attribute identifier is used to indicate the moment in time when a 
policy was issued. It MAY appear in a <PolicyIssuer> element, in which 
case it MUST be of data type http://www.w3.org/2001/XMLSchema#dateTime.
--8<--

Best regards,
Erik


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]