

Subject: Re: [xacml] Re: env attributes


> Disagree. For time based policy having the time passed in is not always
> safe.
> If it is needed - it is easy to do, just add an attribute, but if you are
> going to have a built-in time it has to be server side for auditing and
> safety.

...which means that policy writers will have to manually compensate for time (and date) variations. assuming that you have a PDP in the central timezone and a PEP on either coast, this presents something of a challenge. that alone negates any potential 'security' enhancement that may be provided through increased opportunity for author error.

as to auditing, if all PDP transactions are timestamped by the PDP as part of the logging process i don't see this as an impediment to centralized audits. any event can be mapped back to the point of request at the time of audit--a safer model in my mind.

b
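
The scenario in this message, worked as an added example that is not part of the original post or of the XACML specification: one time-of-day rule evaluated against the PDP's own clock and against the time the PEP supplies, with the PDP stamping its audit record either way. The 09:00-17:00 rule, the fixed UTC offsets, the function names and the log field names are all assumptions made for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed fixed offsets (standard time, no DST handling) for the scenario:
# a PDP in the central timezone, PEPs on either coast.
PACIFIC = timezone(timedelta(hours=-8), "PST")
CENTRAL = timezone(timedelta(hours=-6), "CST")
EASTERN = timezone(timedelta(hours=-5), "EST")

# Hypothetical policy: permit only between 09:00 and 17:00.
OPEN, CLOSE = time(9, 0), time(17, 0)


def in_hours(moment):
    """True if the wall-clock time of an aware datetime falls inside the window."""
    return OPEN <= moment.time() < CLOSE


def decide(instant, pep_zone, pdp_zone=CENTRAL, audit_log=None):
    """Evaluate the rule twice for the same request instant.

    Returns (decision using the PDP's clock, decision using the PEP-supplied time).
    The audit record always carries the PDP's own UTC timestamp, so a
    PEP-supplied time can be mapped back to the PDP's clock at audit time.
    """
    pdp_local = instant.astimezone(pdp_zone)   # server-side built-in time
    pep_local = instant.astimezone(pep_zone)   # value passed in as an attribute
    by_pdp = "Permit" if in_hours(pdp_local) else "Deny"
    by_pep = "Permit" if in_hours(pep_local) else "Deny"
    if audit_log is not None:
        audit_log.append({
            "pdp_timestamp": instant.astimezone(timezone.utc).isoformat(),
            "pep_supplied_time": pep_local.isoformat(),
            "by_pdp_clock": by_pdp,
            "by_pep_time": by_pep,
        })
    return by_pdp, by_pep


if __name__ == "__main__":
    log = []
    # Constructed request instants on an arbitrary date.
    west = datetime(2002, 1, 15, 16, 30, tzinfo=PACIFIC)   # 18:30 at the PDP
    east = datetime(2002, 1, 15, 17, 30, tzinfo=EASTERN)   # 16:30 at the PDP
    print("west coast:", decide(west, PACIFIC, audit_log=log))
    print("east coast:", decide(east, EASTERN, audit_log=log))
    for record in log:
        print(record)
```

With a server-side clock the policy author has to widen or shift the window per coast to get the intended result; with a PEP-supplied time the rule is written once and the PDP timestamp in the log is what the auditor reconciles against.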


