[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Delegate

Carl Ellison allegedly said:
> At 03:29 PM 12/15/96 -0800, Bill Frantz wrote:
> >One possibility would be to call it "Final".  (This name makes more sense
> >if the value is boolean rather than integer.)  If the value is integer, it
> >could be called something like MaxChainLength.  (You can see I've been
> >writing far too much Java code. :-) )
> I see no problem with either change.  This leaves the question of boolean 
> vs. integer.  I can imagine a use for small integer values (e.g., my 
> intention is to let him delegate to a temporary key of his own but not to a 
> world of users) -- but back to your truth-in-advertising desire, the boolean 
> makes a lot more sense.
> So - I think I'd opt for the boolean.
> How do others feel?

I agree with Bill that "delegate" is perhaps a misleading name for 
this flag, but "Final" seems a little strange to me, also.

As I understand it, the meaning of this flag is "has permission to
create a new certificate with the same or some subset of the
privileges of this certificate".  So I would call it the "CreateCert" 
permission bit.  If your certificate has it, you can create new 
certificates; if it doesn't, you can't.  Implicit is the idea that 
the new certificate could have less authority (including not having 
the "CreateCert" flag set.)

While I can imagine circumstances where a small integer value would 
be meaningful, it's a real stretch.  I vote for the boolean...

Kent Crispin				"No reason to get excited",
kent@songbird.com,kc@llnl.gov		the thief he kindly spoke...
PGP fingerprint:   5A 16 DA 04 31 33 40 1E  87 DA 29 02 97 A3 46 2F

Follow-Ups: References: