Re: Clever delegation ??
> I think it depends on whether the items in the tag grant authority or
> remove it. Consider composing the tags (ftp /pub/ftp/foo) and (ftp
> /pub/ftp/foo R/O). I believe that the method you suggest would reduce this
> to (ftp /pub/ftp/foo) which just might allow the holder to replace foo.
> It is issues like this which need to be made clear so people don't shoot
> themselves in the foot.
I'm going to take a shot at this. In our earlier conversations about
tag intersections, it became clear to me that no one can grant permissions
he doesn't have. As such - and I think a basic understanding of set theory
supports this - no tag can do anything but remove permission.
From the beginning, all authority which the issuer is capable of honoring
(since the issuer and verifier are, by definition, either identical or at
minimum in cahoots) is available for granting. A subset of that authority
is conveyed by a certificate. Each delegator thus starts with what he has
and delegates a subset of it. He cannot delegate what he does not have.
As long as our intersection logic understands that no permissions can be
added by subsequent (downstream, meaning more distant from issuer/verifier)
certs, but only removed, I believe we have what is needed.
Brian Thomas, CISSP - Distributed Systems Architect firstname.lastname@example.org
Southwestern Bell email@example.com
One Bell Center, Room 34G3 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 235 0162
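
The remove-only intersection discussed in this message, sketched as an added example (not part of the original post or of any SPKI implementation). It assumes tags are nested tuples, that `("*",)` is a wildcard, and that a shorter list is the more permissive one, so composing the two tags from the thread yields the R/O tag; the function names are hypothetical.

```python
from functools import reduce

STAR = ("*",)  # wildcard that matches anything (assumed notation)

def intersect(a, b):
    """Return the tag authorizing only what both a and b authorize, or None."""
    if a == STAR:
        return b
    if b == STAR:
        return a
    if isinstance(a, str) or isinstance(b, str):
        return a if a == b else None  # atoms must match exactly
    # Both are lists: intersect the common prefix element by element.
    out = []
    for x, y in zip(a, b):
        r = intersect(x, y)
        if r is None:
            return None  # disjoint somewhere: no authority left at all
        out.append(r)
    # Assumption: a shorter list is more permissive, so the longer list's
    # extra (restricting) elements are kept, never dropped.
    longer = a if len(a) > len(b) else b
    out.extend(longer[len(out):])
    return tuple(out)

def chain_tag(tags):
    """Effective authority of a delegation chain, issuer's cert first."""
    return reduce(lambda acc, t: None if acc is None else intersect(acc, t), tags)

def within(sub, sup):
    """True if sub grants nothing that sup does not already grant."""
    return sub is not None and intersect(sub, sup) == sub

# Constructed sample tags, taken from the two tags quoted in the thread.
FULL = ("ftp", "/pub/ftp/foo")
READ_ONLY = ("ftp", "/pub/ftp/foo", "R/O")

if __name__ == "__main__":
    # A downstream cert claiming FULL cannot win back what R/O removed.
    chain = [FULL, READ_ONLY, FULL]
    effective = chain_tag(chain)
    print(effective, all(within(effective, t) for t in chain))
```

A verifier can run the `within` check against every certificate in the chain and reject the chain if the effective tag exceeds any one of them.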