[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Attribute validity times
Dear WG I dont know if this issue has already been discussed before by the group (I suspect it might have), but we have the following problem. The java interface to our PDP includes validity times for each subject attribute. This allows attribute assertions (SAML, X.509 etc) to be validated once in our validation software (a time consuming process especially if they are signed) and then used many times for multiple decisions by the PDP. We have added an XACML request context interface to our PDP, but now when the attributes are converted into XACML subject attributes, we lose the validity times that our validation software has extracted and placed alongside each attribute value. We could produce a "hack" workaround by adding an addition validity time attribute to the set of subject attributes, but in the general case each subject attribute can have different validity times, especially when attribute assertions are obtained from multiple attribute authorities. If the group has discussed this topic, what was your conclusion regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]