[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] Re: env attributes
> Unless you do want a policy tied to a live clock (and many applications do) > and you want to connect the decision with the time stamp - so the auditing > and ecision uses the exact same clock. >i don't understand what you mean by a 'live clock'. can you explain, or give an example of a policy that needs >a 'live clock'? Dumb example: if you control access to the building, that have a thousand doors, you do not want each lock to send in its own time in a request. Nor you need permission to open the door in the future on in the past. One need to enter right now, and that "now" must be determined during the evaluation.. Only then policy writer can guarantee that nobody gets in in the wrong time.. "Live" clock is something that is guaranteed to be the same in any evaluation context, independent of the request.. D;
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC