Subject: RE: [xacml] Re: env attributes
> ...which means that policy writers will have to manually compensate for time (and date) variations. assuming
> that you have a PDP in the central timezone and a PEP on either coast, this presents something of a challenge.
> that alone negates any potential 'security' enhancement that may be provided through increased opportunity for
> author error.

Sure. There is no free lunch - if you want a "live" clock ticking somewhere, you got to be careful (and may want to use GMT time or something...)

> as to auditing, if all PDP transactions are timestamped by the PDP as part of the logging process i don't see
> this as an impediment to centralized audits. any event can be mapped back to the point of request at the time
> of audit--a safer model in my mind.

Unless you do want a policy tied to a live clock (and many applications do) and you want to connect the decision with the time stamp - so the auditing and decision use the exact same clock.

I agree that it does open the can of worms - but occasionally you need 'em to go fishing..

I would also agree to not include "live" clock anywhere at all. It can be done in an implementation if needed..

Daniel.
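The clock question discussed in this message, as an added example that is not part of the original post or of any XACML implementation: a time-window rule evaluated against three different wall clocks, next to the same rule written in UTC with one PDP clock reading used for both the decision and the audit record. The rule, the fixed UTC offsets, the function names and the sample instant are all constructed assumptions.

```python
from datetime import datetime, time, timedelta, timezone

# Constructed fixed offsets (standard time, DST ignored) for the PDP/PEP scenario.
EASTERN = timezone(timedelta(hours=-5))
CENTRAL = timezone(timedelta(hours=-6))
PACIFIC = timezone(timedelta(hours=-8))

# Hypothetical rule: permit from 09:00 up to 17:00, as the policy writer typed it.
WINDOW_LOCAL = (time(9, 0), time(17, 0))
# The same rule as intended for Central time, written once in UTC.
WINDOW_UTC = (time(15, 0), time(23, 0))


def in_window(t, window):
    start, end = window
    return start <= t < end


def decide_local(instant, clock_zone):
    """Compare the rule with whichever wall clock supplied the time attribute."""
    local = instant.astimezone(clock_zone).time()
    return "Permit" if in_window(local, WINDOW_LOCAL) else "Deny"


def decide_utc(pdp_now):
    """One PDP clock reading, in UTC, feeds both the decision and the audit record."""
    stamp = pdp_now.astimezone(timezone.utc)
    decision = "Permit" if in_window(stamp.time(), WINDOW_UTC) else "Deny"
    audit = {"decision": decision, "evaluated_at": stamp.isoformat()}
    return decision, audit


def demo():
    # Constructed sample instant; the date itself carries no meaning.
    instant = datetime(2002, 5, 1, 14, 30, tzinfo=timezone.utc)
    zones = {"east": EASTERN, "central": CENTRAL, "west": PACIFIC}
    per_clock = {name: decide_local(instant, zone) for name, zone in zones.items()}
    return per_clock, decide_utc(instant)


if __name__ == "__main__":
    per_clock, (decision, audit) = demo()
    print(per_clock)   # same instant, decision depends on whose clock was read
    print(decision, audit)
```

With the local-time rule, the same instant is permitted on one clock and denied on the others; with the UTC rule there is one answer and the audit timestamp is the value the decision was made on.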