OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] another small time/date issue

On Tue, 2003-08-12 at 15:36, Daniel Engovatov wrote:
> I would think that such specification would be out of the scope of the
> XACML standard.   How would you realistically specify that?  Establish
> accuracy?
> How do you deal with geographically distributed systems, etc?  

The only question I have raised is whether these current date/time
values should be constant across an evaluation or not, and therefore if
there should be some language in the specification clarifying this
point. We already require these values be provided, so there's no
complication in keeping them constant, and this certainly isn't out of
scope of XACML since it defines how a standard attribute should be
handled during policy evaluation. This has nothing to do with geographic
location or accuracy.

> We say that "current-time" and friends should be provided and expected
> to be defined, why is not it sufficient?  We can not adjust all
> implementation clocks anyway.

If you refer to current-time twice in a policy where the value is being
supplied by the PDP, one implementation might return two slightly
different values while another might return the same value twice. This
is not likely to be a huge problem, but it does represent different
behavior across different applications, and it can be addressed without
too much difficulty.

I'm not sure what adjusting clocks has to do with this...


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]