[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [security-services] the "NotOnOrAfter" issue
The x509 notBefore/notAfter fields are second resolution, Stephen(?) said. If SAML is going to follow those fields, as opposed to creating new "pure and clean" ones, then it should subtype dateTime to enforce that. As for timezones, "here be dragons", so mandating everyone convert to a canonical format -- UTC -- seems to make sense to me, but it was others who were advocating, I was just suggesting how to achieve that. > I agree with you about the subtleties and complexities existing, but I > stand by my statement that this processing should (and more-and-more > often will as XML in general and schema in particular continue to gather > momentum) happen in a layer that the SAML-processor is built on. My experience on the sopabuilders mailing list is that almost EVERYONE got it wrong initially, and I betcha almost everyone has leapseconds still wrong. /r$ -- Zolera Systems, http://www.zolera.com Information Integrity, XML Security
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC