On 1 Dec 2011, at 23:40, Nick Urbanik wrote: > This is ugly, especially when I want to have other code to fetch only > users who *have* expired. Do I really need to do this sort of thing? > The server knows which ones have expired; it would be great if I had a > way of asking it to filter them out for me.
The multiple policy areas does make it a bit messier, but I think you're probably doing things correctly unless there's some bit of schema I've forgotten. I suspect the server *doesn't* actually know which ones have expired. It is probably lazy and only evaluates the expiredness when a user actually tries to bind, or a bound user tries some operation and they've expired in the meantime. But I doubt there's some overall list of who is expired. Chris
