[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft

To: "Brian M. Thomas" <bt0008@entropy.sbc.com>, angelos@gradin.cis.upenn.edu
Subject: Re: Thoughts on the draft
From: frantz@netcom.com (Bill Frantz)
Date: Tue, 27 Aug 1996 16:51:13 -0700
Cc: spki@c2.org
Sender: owner-spki@c2.net

At  6:08 PM 8/27/96 -0500, Brian M. Thomas wrote:
>When I query my store of certs (wherever it may be) for a particular chain,
>I am first looking for the issuer-to-subject connection and then for a specific
>authorization.  The <auth> sought will probably be an exact match, so little
>understanding is actually required; either it matches, and it's what I want,
>or it doesn't and I don't care.

Let me amplify this comment a bit further.  I envision that there will be a
significant number of certs with an empty <auth> field.  One example is a
cert which gives permission to use a particular printer.  This permission
is likely to be binary, either you have it or you don't.  The presence of
the cert is sufficient to imply the permission so no <auth> field is
needed.

I see the <auth> field being used, for example, in a file access permission
where it would specify if the designatee had write permission for the file.

-------------------------------------------------------------------------
Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA

Prev by Date: Re: Thoughts on the draft
Next by Date: RE: spec for wire format of SPKI cert
Prev by thread: Re: Thoughts on the draft
Next by thread: Re: Thoughts on the draft
Index(es):
- Main
- Thread