OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: t+/-dt

Colleagues - There are two common ways of expressing the time when there is
a degree of uncertainty.

1. a=t+dt, b=t-dt, or
2. a=t, b=dt

Of course, one can readily convert values between the two styles.  

I can think of a couple of reasons for choosing style 2.  The first is that
paradoxical statements cannot be made in style 2 (one cannot say before
2:00pm on Friday, but after 2:30pm on Friday).  The other is that style 2 is
more compact, or stated differently, in most cases, the year, month, date,
hour, minute and time-zone offset values in t+dt and t-dt will be identical.

But, it seems to me that the most appropriate way to choose between the two
styles is to consider whether the client or the server should bear the
computational burden in the most common applications.  In keeping with the
philosophy of the architecture (simplifying matters for the client) it seems
apparent that any computational burden should fall on the server.

Except in cases where the client is not concerned about the accuracy, I
cannot think of an application in which the client is interested separately
in the server's estimate of the time and its estimate of the uncertainty in
that time.

Some of the most common situation are where the relying party wants to know
definitively whether t is earlier or later than some t'.  In the former
case, it should compare t' with t+dt and in the latter case, it should
compare t' with t-dt.

Here are some examples where the relying party compares times:

- Determining if a signed document was created within the validity interval
of a private key.
- Determining if a signed document was created before a certificate was
revoked.
- Determining whether a bank deposit was made before a withdrawal.

There are also situations in which the relying-party wants to know
definitively the earliest or latest time at which a certain event could have
occurred (e.g. creation of a document).  In the former case the relying
party is interested in t+dt and in the latter case in t-dt.

If the relying-party is not concerned about accuracy, then there it can
simply choose to use t-dt or t+dt, in place of t.  We could make it
mandatory to include t+dt in a timestamp token and optional to include t-dt.

It has been argued that style 2 is more conventional or intuitive; it is
more consistent with a service that simply asserts that it performed a
certain action at a certain time, regardless of how one might use that
information in a given business context.  Personally, I don't find that
argument persuasive.

What do others think?  All the best.  Tim.


-----------------------------------------------------------------
Tim Moses
613.270.3183

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]