OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] request's attribute assertion lifetime?

>For example
>GRANT(swim) if 3pm < time < 5pm  AND tide < 1ft.
>What is the "isValid" interval for this policy?

Answering to myself, I guess here it would be 0, as time and tide will
not have a validity interval (they are computed for "now")

So, if any parameter may be time dependent, its validity interval is a
single point at [current-time].   So all this mechanism for computing
validity intervals would only be useful to check if "current-time" is in
the validity interval for each attribute.  That is already done by the
context handler.

Still can not see a single argument why it should be part of the policy
evaluation.  It is an entirely different problem then the authorization
operation. 

Daniel

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]