[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: Any more comments on the whois++ SPKI proposalette?

Cross-realm communication.

Client in "cell" A wants to talk to server in "cell" B.  The security
policy of Cell B is maintained by the "CA" in Cell B.  CA-A and CA-B
can vouchsafe identities, but CA-B should be able to take the arbitrary
authorization (not authentication) data that A presents, and filter it
(e.g., halving the disk quota, stripping out "my unix userid is 0" etc)
before giving something that the server in "Cell B" would use.