[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the draft

At  6:08 PM 8/27/96 -0500, Brian M. Thomas wrote:
>When I query my store of certs (wherever it may be) for a particular chain,
>I am first looking for the issuer-to-subject connection and then for a specific
>authorization.  The <auth> sought will probably be an exact match, so little
>understanding is actually required; either it matches, and it's what I want,
>or it doesn't and I don't care.

Let me amplify this comment a bit further.  I envision that there will be a
significant number of certs with an empty <auth> field.  One example is a
cert which gives permission to use a particular printer.  This permission
is likely to be binary, either you have it or you don't.  The presence of
the cert is sufficient to imply the permission so no <auth> field is

I see the <auth> field being used, for example, in a file access permission
where it would specify if the designatee had write permission for the file.

Bill Frantz       | Cave ab homine unius lebri | Periwinkle -- Consulting
(408)356-8506     |  [Beware the man of one    | 16345 Englewood Ave.
frantz@netcom.com |   book]  - Anonymous Latin | Los Gatos, CA 95032, USA