Shawn McKinney

What Are Temporal Constraints?


DEFINED

The ability to control when an entity may be activated, based on time and date criteria. Temporal constraints are typically applied during User and Role activation as part of an authentication or authorization check.

WHAT ARE THEY FOR?

Temporal constraints can be used to limit when a User may log on to, or activate a particular Role within, a security domain. This follows the principle of least privilege, as it ensures access rights are granted only when appropriate.

HOW DO THEY WORK?

Policies may control the dates, times, and days of the week on which a User may access a particular area of the system, and in what Role. They can also be used to enforce a lockout period when the User is inactive or otherwise away for an extended period of time.

APACHE FORTRESS TEMPORAL CONSTRAINTS

Fortress allows constraints to be applied to both User and Role entities. The following rules fire during an activation event (any policy enforcement API call):

  1. Can the entity be active on this Date?

  2. Is the entity within a lockout period?

  3. Has the entity exceeded a particular inactive period?

  4. Can the entity be used at this time?

  5. Can the entity be used on this day?

  6. Are there mutual exclusion constraints that prevent activating this entity? (Roles Only)

These temporal constraint rules are pluggable and may be added, overridden or removed.
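As an added example (not code from the original post or from Apache Fortress), the following models rules 1 to 5 above as a chain of pluggable checks run at activation time. The field names, rule functions, reason strings and sample policy are all assumptions made for illustration, and rule 6 (mutual exclusion) is left out.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Optional

@dataclass
class Constraint:  # hypothetical field names, not Fortress's schema
    begin_date: date
    end_date: date
    begin_time: time
    end_time: time
    days: frozenset  # permitted ISO weekdays, 1=Mon .. 7=Sun
    lock_begin: Optional[date] = None
    lock_end: Optional[date] = None
    max_inactive: Optional[timedelta] = None

# Each rule returns None to allow, or a denial reason string.
def check_date(c, now, last):
    return None if c.begin_date <= now.date() <= c.end_date else "outside date range"

def check_lockout(c, now, last):
    locked = c.lock_begin and c.lock_end and c.lock_begin <= now.date() <= c.lock_end
    return "within lockout period" if locked else None

def check_inactive(c, now, last):
    if c.max_inactive is None or last is None:
        return None
    return "inactive period exceeded" if now - last > c.max_inactive else None

def check_time(c, now, last):
    t = now.time()
    if c.begin_time <= c.end_time:
        ok = c.begin_time <= t <= c.end_time
    else:  # window wraps past midnight, e.g. 22:00-06:00
        ok = t >= c.begin_time or t <= c.end_time
    return None if ok else "outside time window"

def check_day(c, now, last):
    return None if now.isoweekday() in c.days else "day not permitted"
DEFAULT_RULES = (check_date, check_lockout, check_inactive, check_time, check_day)

def activate(c, now, last_seen=None, rules=DEFAULT_RULES):
    # Run the chain in order and deny on the first rule that objects.
    for rule in rules:
        reason = rule(c, now, last_seen)
        if reason:
            return False, reason
    return True, None
# Constructed sample: weekdays 08:00-17:00 during 2024, lockout 1-14 July.
SAMPLE = Constraint(date(2024, 1, 1), date(2024, 12, 31), time(8), time(17),
    frozenset({1, 2, 3, 4, 5}), date(2024, 7, 1), date(2024, 7, 14), timedelta(days=90))
```

Passing a different `rules` sequence to `activate` is how a rule is added, overridden or removed in this model. The checks compare naive datetimes, so a deployment has to fix the time zone in which the windows are expressed.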
