MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] Draft response to SSTC on XACML Attribute definition. Forwarded message from Seth Proctor.
Seth is right. I'll modify the draft response to reflect the
fact that our AttributeDesignator has no way of specifying
IssueInstant at all. Somehow I had remembered that you could
specify an exact match, but I was wrong.
-Anne
------- start of forwarded message -------
From: Seth Proctor <seth.proctor@sun.com>
To: Anne Anderson <Anne.Anderson@sun.com>
Subject: Re: [xacml] Draft response to SSTC on XACML Attribute definition
Date: Thu, 25 Sep 2003 11:19:19 -0400
Thanks for writing this up...it's excellent! One little nit:
> The XACML TC includes IssueInstant, but has no way of using
> this value in a policy other than to require an exact match.
> For example, there is no way in an XACML policy to say that a
> particular Attribute is acceptable so long as it was issued
> after a given dateTime. This reduces the value of
> IssueInstant considerably, but this is an XACML issue and not
> a SAML problem.
There is no way to reference this from a Designator, but of course a Selector
or an XPath function can use this value, so it's not entirely useless. I
could certainly write a Selector that let me compare the issueInstant to a
dateTime, though this is unwieldy at best :)
seth
------- end of forwarded message -------
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]