Open Site Navigation
  • Shawn McKinney

What Are Temporal Constraints?


DEFINED

Ability to control when an entity activation occurs based on time and date criteria. Temporal constraints are typically applied during User and Role activation as part of an authentication or authorization check.

WHAT ARE THEY FOR?

Can be used to limit when a User may log onto or activate a particular Role within a security domain. Follows the principle of least privilege as it ensures access rights are only granted when appropriate.

HOW DO THEY WORK?

There may be policies to control what dates, times, and days of week a User may access a particular area of the system and in what Role. Can also be used to enforce a lockout period when the User is inactive or otherwise away for an extended period of time.

APACHE FORTRESS TEMPORAL CONSTRAINTS

Fortress allows constraints to be applied onto both User and Role entities. There are rules that fire during an activation event (any policy enforcement API call):

  1. Can the entity be active on this Date?

  2. Is the entity within a lockout period?

  3. Has the entity exceeded a particular inactive period?

  4. Can the entity be used at this time?

  5. Can the entity be used on this day?

  6. Are there mutual exclusion constraints that prevent activating this entity? (Roles Only)

These temporal constraint rules are pluggable and may be added, overridden or removed.

42 views0 comments

Recent Posts

See All

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well understood. Both OpenLDAP and LMDB’s scaling characteristics are

Please note that the certificates must be in a pem format (.pem or .crt). You will need three certificates: Root CA certificate, server certificate (with the fqdn of server in subject line or in the s

  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2022, Symas Corporation. All rights reserved. Privacy Statement (updated July 28, 2022)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA