Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rate-Limited Tokens: enable time-based policy windows #173

Open
tlepoint opened this issue Feb 25, 2022 · 2 comments
Open

Rate-Limited Tokens: enable time-based policy windows #173

tlepoint opened this issue Feb 25, 2022 · 2 comments
Labels

Comments

@tlepoint
Copy link

Section 5.1.2 and Section 2 state that

The effective policy window for a specific Client starts when the Client first sends a request associated with an Issuer.

and is defined in seconds. This makes challenging to create policies of the form “one token per client per UTC day”, which seems quite natural (e.g., this seems to be the policy adopted by Wordle-like games :-)). For example, a newspaper may want to allow 5 articles per UTC day, instead of 5 articles every 24h.

Would there be a way to be less restrictive / more generic in the definition of the policy window?

@tfpauly tfpauly added the enhancement New feature or request label Feb 28, 2022
@chris-wood
Copy link
Collaborator

chris-wood commented Mar 7, 2022

Building on #179, we can address this by adding a parameter to the RateLimit-Limit header which specifies that the window starts on an edge determined by the Issuer, rather than Client activitiy.

Long overdue, but the RateLimit-Limit header doesn't seem right here since it's meant for something else.

@tfpauly
Copy link
Owner

tfpauly commented Jun 13, 2022

Next to issuer-policy-window, we could define a property like issuer-policy-window-start, which would include a UTC timestamp for when the policy windows all begin and must align to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants