[Freeipa-devel] [Update]Time-Based Account Policies

[Stanislav Laznicka]

Hi,

The fixed patches to Martin^2's and Jakub's reviews are almost ready, 
there are just a few things left. Martin B. mentioned in his review that 
'~' might not be the best delimiter for range values in the HBAC time 
policies language as it is not commonly used for that purpose. I started 
using it when the negative values were introduced (instead of '-').

The question here is, then, which delimiter would you rather use for 
ranges? Some choices are ':', '..', and, obviously, '~' but you are free 
to come up with your own. The delimiters '-' and ',' are not suitable as 
their use is different here. However small this might seem to be, lets 
be rigorous here and design it properly.

Also, with some time, I got uncertain about one thing with the 'repeat' 
keyword. What behaviour would you expect when 'repeat' is on yearly 
repetition and 'dayofweek' is the only other thing set? RFC5545 (iCal) says:
"
Information, not contained in the rule, necessary to determine the
various recurrence instance start time and dates are derived from
the Start Time ("DTSTART") component attribute.  For example,
"FREQ=YEARLY;BYMONTH=1" doesn't specify a specific day within the
month or a time.  This information would be the same as what is
specified for "DTSTART".
"
and also in an example

"... if the BYMINUTE, BYHOUR, BYDAY,
  BYMONTHDAY, or BYMONTH rule part were missing, the appropriate
  minute, hour, day, or month would have been retrieved from the
  "DTSTART" property.",

but an example with BYDAY alone set with a day of week without numerical 
specifier is missing so it is not clear if this would apply to all 
specified weekdays of a certain month or the whole year. Currently, I am 
using only the months' weekdays.

--
Standa Láznička
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151104/2458b025/attachment.htm>