Fixes and updates.

This commit is contained in:
Pedro Igor 2016-09-08 19:58:55 -03:00
parent 9e29a2af7e
commit 71dc41c73f
4 changed files with 28 additions and 12 deletions

Binary file not shown.


View file

@ -124,4 +124,4 @@ The name of the HTTP method.
**** *scopes*
+
An array of strings with the scopes associated with the method. When you associate scopes with a specific method, the client trying to access a protected resource (or path) must provide
a RPT that grants permission to all scopes here specified.
a RPT that grants permission to all scopes here specified. For instance, if you define a method _POST_ with a scope _create_, the RPT must contain a permission granting access to the _create_ scope when performing a POST to the path.
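Review bot: the added sentence on the *scopes* description keeps "a RPT" and "all scopes here specified"; suggest "an RPT" and "all scopes specified here" while this line is being touched. The _POST_/_create_ example only covers a method with one scope, but the sentence before it says the RPT must grant "all scopes", so consider extending the example to a method with two scopes and stating what happens when the RPT carries only one of them, so readers do not assume any-of semantics.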

View file

@ -27,16 +27,10 @@ But you may also have a _Alice Banking Account_, which represents a single resou
A bounded extent of access that is possible to perform on a resource. In authorization policy
terminology, a scope is one of the potentially many _verbs_ that can logically apply to a resource.
Usually, a scope is defined as a URN that indicates what can be done with a given resource. Example of scopes are _urn:domain:resource:scope:view_,
_urn:domain:scopes:admin:manage_, etc.
Scopes have a small set of information as follows:
* *Name*
+
A human-readable and unique string describing the scope.
A single scope may be associated with zero or more resources.
It usually indicates what can be done with a given resource. Example of scopes are _view_,
_edit_, _delete_, etc. However, it may also be related with some information provided by a resource. In this case, you
may have a _Project_ resource and a _cost_ scope, where _cost_ scope may be used to define specific policies
and permissions for those trying to access project's cost.
==== Permission
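Review bot: in the paragraph beginning "It usually indicates what can be done with a given resource", the examples switch to short names (_view_, _edit_, _delete_) while the hunk also carries the URN-style examples (_urn:domain:resource:scope:view_) and the *Name* description "A human-readable and unique string describing the scope"; if those are the lines being dropped, the statement that scope names are unique disappears from the docs and should be restated in the new text if it still holds. Wording: "Example of scopes are" should be "Examples of scopes are", "related with" should be "related to", and "project's cost" should be "the project's cost".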

View file

@ -27,6 +27,28 @@ Defines the time before which the policy MUST NOT be granted. Only granted if cu
+
Defines the time after which the policy MUST NOT be granted. Only granted if current date/time is before or equal to this value
+
* *Day of Month*
+
Defines the day of month which policy MUST be granted. You can also provide a range by filling the second field with the day of month before/equal which the policy MUST be granted. In this case, the policy would be granted if current day of month is between or equal to the two values you provided.
+
* *Month*
+
Defines the month which policy MUST be granted. You can also provide a range by filling the second field with the month before/equal which the policy MUST be granted. In this case, the policy would be granted if current month is between or equal to the two values you provided.
+
* *Year*
+
Defines the year which policy MUST be granted. You can also provide a range by filling the second field with the year before/equal which the policy MUST be granted. In this case, the policy would be granted if current year is between or equal to the two values you provided.
+
* *Hour*
+
Defines the hour which policy MUST be granted. You can also provide a range by filling the second field with the hour before/equal which the policy MUST be granted. In this case, the policy would be granted if current hour is between or equal to the two values you provided.
+
* *Minute*
+
Defines the minute which policy MUST be granted. You can also provide a range by filling the second field with the minute before/equal which the policy MUST be granted. In this case, the policy would be granted if current minute is between or equal to the two values you provided.
+
* *Logic*
+
The link:logic.html[logic] of this policy
The link:logic.html[logic] of this policy
In order to the policy evaluate to a _GRANT_, all conditions that you defined must be true. Keycloak will perform an _AND_ with the outcome from each one of the conditions you have defined.
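Review bot: the new *Day of Month*, *Month*, *Year*, *Hour* and *Minute* entries do not say which time zone the "current hour" and the other current values are taken from, what the valid values are (for example whether *Hour* is 0-23), or how a range whose first value is greater than the second is evaluated; for a policy that gates access by time these need to be stated. Wording: "Defines the day of month which policy MUST be granted" reads better as "Defines the day of month on which the policy MUST be granted" (same for the other four entries), and "In order to the policy evaluate to a _GRANT_" should be "For the policy to evaluate to _GRANT_". The closing paragraph says the outcomes of all defined conditions are ANDed; it would help to say explicitly that fields left empty are not treated as conditions, if that is the case.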