OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [security-services] the "NotOnOrAfter" issue

The x509 notBefore/notAfter fields are second resolution, Stephen(?) 
said. If SAML is going to follow those fields, as opposed to creating 
new "pure and clean" ones, then it should subtype dateTime to enforce that.

As for timezones, "here be dragons", so mandating everyone convert to a 
canonical format -- UTC -- seems to make sense to me, but it was others 
who were advocating, I was just suggesting how to achieve that.

> I agree with you about the subtleties and complexities existing, but I
> stand by my statement that this processing should (and more-and-more
> often will as XML in general and schema in particular continue to gather
> momentum) happen in a layer that the SAML-processor is built on.

My experience on the sopabuilders mailing list is that almost EVERYONE 
got it wrong initially, and I betcha almost everyone has leapseconds 
still wrong.

Zolera Systems, http://www.zolera.com
Information Integrity, XML Security

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC