[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RE: spec for wire format of SPKI cert
> >In other words, the limits on
> >delegation in a cert are of the form "please don't delegate
> >or we will punish you" rather than "you can't delegate
> >because the mathematics and
> >logic of the system prevent you from doing so".
>
> This seems wrong ... First, delegation should be explicit. The ability to
> delegate a privilege should be available only when explicitly granted.
>
> Second, the logic of a system evaluating a set of authorization statements can
> enforce the restrictions on delegation.
>
> Paul
I was waiting for some time to think about this one, but I think I agree
with Paul. If I issue a privilege and say it can be delegated only once,
and someone presents me a chain starting with my MAY-DELEGATE:1 cert, the
next one had better say MAY-DELEGATE:0, or I won't accept it.
Perhaps you're thinking differently, Bill...?
brian
Brian Thomas - Distributed Systems Architect bt0008@entropy.sbc.com
Southwestern Bell bthomas@primary.net
One Bell Center, Room 23Q1 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 331 2755