MHonArc v2.4.5 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] Problems with XACML and time
Hi,Here is my understanding:1. The first part of your problem makes
sense to me.2. I don't think the second part is
a problem.>> However, according to the XML-Schema specification,
you have to
>> normalize the three time values. They are normalized to
>> 19:00 <= 00:00 <= 03:00. It seems to me that you say that
the
>> result is false because 19:00 <= 00:00 is false.
I don't think this interpretation is right.The XML schema specification says that: The order relation on time values
is the Order relation on dateTime ($B!x(B3.2.7.3) using an arbitrary
date. So I think that we can use an implicit date information
fortime comparison. The following is the comparison flow
in my mind.(Let me know if I'm wrong)1. I want to check whether09:00(+14:00) <= 14:00(+14:00) <= 17:00(+14:00)2. Set an arbitrary date (e.g., 2002-02-16).So I need to check whether2002-02-16T09:00(+14:00)
<= 2002-02-16T14:00(+14:00)
<= 2002-02-16T17:00(+14:00)3. Normalize the three time values.So I need to check whether2002-02-15T19:00Z
<= 2002-02-16T00:00Z
<= 2002-02-16T03:00Z4. The result is true.>> The first part of my problem is that XML
Schema says that
>> a time with no time zone (like the one in my policy.xml)
>> cannot be compared to a time with a time zone (like the
>> current time). This part of my problem can be solved either by
>> always specifying a time zone in the policy (as I did in
>> policy2.xml) or by changing the definitions of the time
>> comparison functions in the XACML spec to point to XML Query
>> instead of XML Schema.
I think we should change the definitions of the time
comparison functions in the XACML spec to point to XML Query
instead of XML Schema.Satoshi Hada
IBM Tokyo Research Laboratory
mailto:satoshih@jp.ibm.com
Satoshi Hada wrote:
> I'm not yet sure I correctly understand your problem.
You have captured the essence below. Here are a few
comments, though.
> You want to check whether the current time is
between 9:00 and
> 17:00 in an arbitrary time zone, which is not specified in the
> policy.
Right. I wouldn't say the time zone is "arbitrary".
It's generally
the time zone of the PDP. But other than that, I agree.
> Assume that the PDP is in the time zone +14:00,
and that the
> current time is 14:00 in the PDP's time zone. Then you want
> to check whether 09:00(+14:00) <= 14:00(+14:00) <= 17:00(+14:00).
> Of course, the result should be true.
Right!
> However, according to the XML-Schema specification,
you have to
> normalize the three time values. They are normalized to
> 19:00 <= 00:00 <= 03:00. It seems to me that you say that the
> result is false because 19:00 <= 00:00 is false.
That's right.
> Does this summarize your problem?
Yes, it summarizes the second part of my problem (the
part
caused by the fact that XML Schema and XML Query require times
to be normalized to GMT before comparison).
The first part of my problem is that XML Schema says
that
a time with no time zone (like the one in my policy.xml)
cannot be compared to a time with a time zone (like the
current time). This part of my problem can be solved either by
always specifying a time zone in the policy (as I did in
policy2.xml) or by changing the definitions of the time
comparison functions in the XACML spec to point to XML Query
instead of XML Schema.
Thanks,
Steve
>
> Satoshi Hada
> IBM Tokyo Research Laboratory
> mailto:satoshih@jp.ibm.com
>
> Steve Hanna <steve.hanna@sun.com>
>
To:
Satoshi Hada/Japan/IBM@IBMJP
> 2003/07/18 23:23
cc: xacml@lists.oasis-open.org
>
Subject:
Re: [xacml] Problems with XACML and time
>
>
>
> Satoshi Hada wrote:
> > Thank you for the clarification. I don't think I fully
> > understand the problem, and I will read your mail more
> > carefully next week.
>
> OK, thanks for your careful consideration.
>
> > >> The simplest
> > >> way to make this change would be to change the definition
of the
> > >> XACML time comparison functions to refer to XML Query
instead of
> > >> XML Schema, as the time-equal function already does.
> >
> > I like this change.
> >
> > >> This solution does not solve the problem mentioned in
this
> > >> paragraph from my original email:
> >
> > A quick question:
> >
> > Do you mean even though we make the above change
> > we still have the problem (the change does not solve all the
> > problems)?
>
> Yes, changing the time comparison functions to refer to XML Query
> instead of XML Schema does not solve all the problems in my email.
> It solves one of them (the need to specify time zones for all
> times). But it doesn't solve the second problem (the problems
> that arise when midnight GMT falls during normal business
> hours, as it does in many parts of the world). Solving that
> problem will require an additional change, such as adding the
> time-in-range function.
>
> Thanks again for your help,> > Steve Hanna
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]