[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] request's attribute assertion lifetime?
Daniel Engovatov wrote: >>The reason for this approach, is that we did not want XACML to become a >>validation engine. The business of checking signatures, validity > > times, > >>handling cryptographic computational complexity, is all out of scope, > > and > >>that is easily divided and pawned off on some other entity, so XACML > > will > >>have to complicate is job with those matters. > > > > Yep. It is the job of the PIP (context handler) to validate whether any > information requested and used by the PDP is valid, including any > timeouts etc. We do not (and can not) standardize that reliably. Why the "can not"? What are the fundamental reasons? (just trying to understand the issues) -Frank. -- Frank Siebenlist franks@mcs.anl.gov The Globus Alliance - Argonne National Laboratory
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]