[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] request's attribute assertion lifetime?
>The reason for this approach, is that we did not want XACML to become a >validation engine. The business of checking signatures, validity times, >handling cryptographic computational complexity, is all out of scope, and >that is easily divided and pawned off on some other entity, so XACML will >have to complicate is job with those matters. Yep. It is the job of the PIP (context handler) to validate whether any information requested and used by the PDP is valid, including any timeouts etc. We do not (and can not) standardize that reliably. Daniel.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]