OASIS Mailing List Archives



xacml message


Subject: Re: [xacml] Problems with XACML and time

Satoshi Hada wrote:
> I'm not yet sure I correctly understand your problem.

You have captured the essence below. Here are a few
comments, though.

> You want to check whether the current time is between 9:00 and
> 17:00 in an arbitrary time zone, which is not specified in the
> policy.

Right. I wouldn't say the time zone is "arbitrary". It's generally
the time zone of the PDP. But other than that, I agree.

> Assume that the PDP is in the time zone +14:00, and that the
> current time is 14:00 in the PDP's time zone. Then you want
> to check whether 09:00(+14:00) <= 14:00(+14:00) <= 17:00(+14:00).
> Of course, the result should be true.


> However, according to the XML-Schema specification, you have to
> normalize the three time values. They are normalized to
> 19:00 <= 00:00 <= 03:00. It seems to me that you say that the
> result is false because 19:00 <= 00:00 is false.

That's right.

> Does this summarize your problem?

Yes, it summarizes the second part of my problem (the part
caused by the fact that XML Schema and XML Query require times
to be normalized to GMT before comparison).

The first part of my problem is that XML Schema says that
a time with no time zone (like the one in my policy.xml)
cannot be compared to a time with a time zone (like the
current time). This part of my problem can be solved either by
always specifying a time zone in the policy (as I did in
policy2.xml) or by changing the definitions of the time
comparison functions in the XACML spec to point to XML Query
instead of XML Schema.



> Satoshi Hada
> IBM Tokyo Research Laboratory
> mailto:satoshih@jp.ibm.com
> Steve Hanna <steve.hanna@sun.com>
> 2003/07/18 23:23
> To: Satoshi Hada/Japan/IBM@IBMJP
> cc: xacml@lists.oasis-open.org
> Subject: Re: [xacml] Problems with XACML and time
> Satoshi Hada wrote:
> > Thank you for the clarification. I don't think I fully
> > understand the problem, and I will read your mail more
> > carefully next week.
> OK, thanks for your careful consideration.
> > >> The simplest
> > >> way to make this change would be to change the definition of the
> > >> XACML time comparison functions to refer to XML Query instead of
> > >> XML Schema, as the time-equal function already does.
> >
> > I like this change.
> >
> > >> This solution does not solve the problem mentioned in this
> > >> paragraph from my original email:
> >
> > A quick question:
> >
> > Do you mean even though we make the above change
> > we still have the problem (the change does not solve all the
> > problems)?
> Yes, changing the time comparison functions to refer to XML Query
> instead of XML Schema does not solve all the problems in my email.
> It solves one of them (the need to specify time zones for all
> times). But it doesn't solve the second problem (the problems
> that arise when midnight GMT falls during normal business
> hours, as it does in many parts of the world). Solving that
> problem will require an additional change, such as adding the
> time-in-range function.
> Thanks again for your help,
> Steve Hanna
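
The comparison discussed in this thread, as an added example that is not part of the original messages or of the XACML specification: it normalizes the three times from the +14:00 case to UTC, shows the plain `low <= now <= high` check failing, and then applies a wrap-aware range check. The function names, the HH:MM shorthand taken from the thread, and the choice to let bounds without a zone borrow the zone of the current time are assumptions made for illustration.

```python
import re

DAY = 24 * 60  # minutes in a day
_TIME = re.compile(r"^(\d{2}):(\d{2})(?:([+-])(\d{2}):(\d{2})|(Z))?$")


def parse(text):
    """Return (minutes since local midnight, UTC offset in minutes or None)."""
    m = _TIME.match(text)
    if not m:
        raise ValueError(f"bad time: {text!r}")
    minutes = int(m[1]) * 60 + int(m[2])
    if m[6]:                      # trailing Z means UTC
        return minutes, 0
    if m[3] is None:              # no zone given at all
        return minutes, None
    offset = int(m[4]) * 60 + int(m[5])
    return minutes, -offset if m[3] == "-" else offset


def to_utc(text, default_offset=None):
    """Normalize to minutes since midnight UTC; the day is discarded (wraps)."""
    minutes, offset = parse(text)
    if offset is None:
        if default_offset is None:
            raise ValueError("time without a zone cannot be compared to a zoned time")
        offset = default_offset
    return (minutes - offset) % DAY


def naive_between(now, low, high):
    """Plain low <= now <= high on the normalized values."""
    return to_utc(low) <= to_utc(now) <= to_utc(high)


def time_in_range(now, low, high):
    """Wrap-aware check: distance forward from low on a 24-hour clock."""
    _, now_offset = parse(now)
    if now_offset is None:
        raise ValueError("current time must carry a zone")
    n = to_utc(now)
    lo = to_utc(low, now_offset)   # assumption: unzoned bounds use now's zone
    hi = to_utc(high, now_offset)
    return (n - lo) % DAY <= (hi - lo) % DAY


if __name__ == "__main__":
    # Constructed input: the +14:00 case quoted in the thread.
    print(naive_between("14:00+14:00", "09:00+14:00", "17:00+14:00"))
    print(time_in_range("14:00+14:00", "09:00", "17:00"))
```
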
