OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] safe value for AuthenticationInstant?

> ok. but what about from a non-repudiation point of view? in a 
> court of law, seconds count. or don't they?

I think that even in the court of law they understand the 
limits on granularity of clocks (in fact, I've never seen 
seconds listed on any official court document -- even 
the speeding tickets that I tend to get from time to time,
so it would seem that time to the minute is sufficient 
for courts).

In any case, non repudiation comes more into play in the
world of digital signatures and not typically in the 
timestamp recorded within the document being signed.

On top of that you have the issue that the system clocks
for all the computers involved are pretty much guaranteed
not be reliably sync'd to the sub-second level (and I
wouldn't count too much on sub-minute sync).  The one 
case where this isn't an issue is when both providers are
running on the same physical box, in which case the system
clocks are fully in sync (unless they happened to sync
with the network time source in between generation of 
the token and consumption of the token).

Just food for thought.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]