OASIS Mailing List Archives

xacml message

Subject: Attribute validity times

Dear WG

I don't know if this issue has already been discussed before by the group 
(I suspect it might have), but we have the following problem.

The java interface to our PDP includes validity times for each subject 
attribute. This allows attribute assertions (SAML, X.509 etc) to be 
validated once in our validation software (a time consuming process 
especially if they are signed) and then used many times for multiple 
decisions by the PDP.

We have added an XACML request context interface to our PDP, but now 
when the attributes are converted into XACML subject attributes, we lose 
the validity times that our validation software has extracted and placed 
alongside each attribute value.

We could produce a "hack" workaround by adding an additional validity time 
attribute to the set of subject attributes, but in the general case each 
subject attribute can have different validity times, especially when 
attribute assertions are obtained from multiple attribute authorities.

If the group has discussed this topic, what was your conclusion?




David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
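
An added illustration, not part of the original message or of the PDP it describes: one way to keep per-attribute validity times on the caller's side of a request-context interface is to filter the cache of validated attributes at decision time and record when the resulting attribute set goes stale. The class, function, attribute identifiers and issuer names are assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ValidatedAttribute:
    """Subject attribute plus the validity window taken from its assertion."""
    attribute_id: str
    value: str
    issuer: str
    not_before: datetime
    not_after: datetime


def subject_attributes_at(cache: List[ValidatedAttribute], now: datetime
                          ) -> Tuple[List[Tuple[str, str, str]], Optional[datetime]]:
    """Select the attributes to copy into a request context built at `now`.

    Returns (attrs, stale_at). attrs holds (id, value, issuer) for every
    attribute whose window contains `now`. stale_at is the first instant at
    which that set changes: a selected attribute expires or a not-yet-valid
    one starts. A request context or cached decision built from attrs must
    not be reused at or after stale_at. None means nothing is left to change.
    """
    live = [a for a in cache if a.not_before <= now < a.not_after]
    pending = [a for a in cache if a.not_before > now]
    attrs = [(a.attribute_id, a.value, a.issuer) for a in live]
    changes = [a.not_after for a in live] + [a.not_before for a in pending]
    return attrs, min(changes, default=None)


def utc(hour: int) -> datetime:
    """Constructed helper: an hour on an arbitrary sample day, in UTC."""
    return datetime(2024, 1, 1, hour, tzinfo=timezone.utc)


# Constructed sample: three attributes from two hypothetical authorities,
# each with its own validity window.
CACHE = [
    ValidatedAttribute("urn:example:role", "manager", "AA-1", utc(0), utc(12)),
    ValidatedAttribute("urn:example:clearance", "secret", "AA-2", utc(8), utc(10)),
    ValidatedAttribute("urn:example:project", "alpha", "AA-2", utc(10), utc(18)),
]

if __name__ == "__main__":
    for hour in (7, 9, 11, 19):
        attrs, stale_at = subject_attributes_at(CACHE, utc(hour))
        print(utc(hour).isoformat(), [a[0] for a in attrs], stale_at)
```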