OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] another small time/date issue

Hi Seth,

I'm was under the current understanding that there was no such thing as
the "current" time and date, at least in the temporal sense with respect
to the time of evaluation. The time is or at least should be, an attribute
of the request.

I have argued before, that the current time is NOT the time of evaluation,
but it is really a question, "at this <specified> time?"  For instance,
one would want to know if George had access to resource X at 13:00 Aug 12,
2000, as well one might want to know if Alice will have access to resource
Y at 22:13 June 25, 2004. If the time is "now", the request builder should 
insert the appropriate time.

Your right, if the spec doesn't explicitly call this out, it should.


On Mon, 11 Aug 2003, Seth Proctor wrote:

> As I read the spec currently, there is no rule about whether the current
> time, date, and dateTime must remain constant over the course of an
> evaluation. If these values are provided in the Request, then clearly
> they do remain constant, but if they're coming from some other source
> (and the PDP is required to provide these values from some source), then
> two PDPs could have different behavior here. I doubt that difference in
> behavior is likely to ever cause a problem, but it does leave things
> somewhat underspecified.
> Would others find it useful to specify either:
>  1. The current time/date/dateTime must remain constant over the course
>     of an evalution
>  2. The current time/date/dateTime, if not specified as an attribute in
>     the Request document, must be generated dynamically with each
>     reference from a policy
> Personally, I'd like to see #1 in the spec, just for clarity, but I'm
> willing to be convinced that this isn't important and/or useful. Just
> trying to get rid of an (albeit small) ambiguity. Thanks.
> seth
> ps  For full disclosure, the open source project I maintain currently
> has the bahavior from #2, but I've just changed it to have the behavior
> for #1, since I think that's clearer.
> You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]