allowableAccessTimeAn access may be allowed only during specific time periods of the day (e.g., 9 am to 5 pm).
authorizationPolicyType enablesAuthorizationThis attribute is used to specify if the policy enables or declines an authorization. If this attribute is set to 'true' the policy authorizes the actions and conditions pertaining to the resources referenced by the policy. Otherwise the authorization is declined.
levelOfAssuranceLevel of Assurance (LoA) refers to the degree of certainty that (1) a resource owner has that a person's physical self has been adequately verified before credentials are issued by a registration authority, and (2) a user indeed owns the credentials they are subsequently presenting to access the resource. The requirements for the level of certainty at both ends of that set of transactions should be driven by a risk assessment based on the value of the resources being protected. LoA is relevant to authentication, authorization, and access control in an SOA environment. Relevant references: 'InCommon Credential Assessment Profile r0.3', 'NIST 800-63: Electronic Authentication Guideline', and 'NIST 800-53: Recommended Security Controls for Federal Information Systems'. Access may only be granted when authentication mechanisms of at least a given strength are used. That is indicated using the Level of Assurance.
routeThis attribute specifies whether access to protected information may only be granted for a specified route of access. For example, access may be restricted to remote users using a Virtual Private Network (VPN). The route is a context qualifier as specified by ISO/IEC 10164-9.
