Re: Tags removing permissions
> > I'm going to take a shot at this. In our earlier conversations about
> > tag intersections, it became clear to me that no one can grant permissions
> > he doesn't have. As such - and I think a basic understanding of set theory
> > supports this - no tag can do anything but remove permission.
> This means, an empty or missing tag *grants* permission(s). Is this right?
> Regards, Franco
Well, no; my intent was to say that a certificate denies any permission
not granted by it, so that the proper meaning of an empty or missing
tag would be to deny all permission. Not particularly useful, I
suppose, and I do seem to remember Ron Rivest or someone else proposing
that it should mean the opposite, or full delegation, as you suggest.
I'll have to go back and read that again.
Brian Thomas, CISSP - Distributed Systems Architect email@example.com
Southwestern Bell firstname.lastname@example.org
One Bell Center, Room 34G3 Tel: 314 235 3141
St. Louis, MO 63101 Fax: 314 235 0162
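
The two readings of an empty or missing tag discussed in this message, as an added Python sketch that is not part of the original post or of any certificate implementation. It assumes tags can be modelled as plain sets of permission names (a simplification of real tag expressions); the names `ALL`, `normalize`, `effective_permissions` and the sample permissions are constructed for illustration.

```python
from typing import FrozenSet, Iterable, Optional, Union


class _All:
    """Sentinel for 'every permission' (full delegation)."""
    def __repr__(self) -> str:
        return "ALL"


ALL = _All()
Tag = Union[_All, FrozenSet[str]]


def normalize(tag: Optional[Iterable[str]], missing_means_all: bool = False) -> Tag:
    """Turn one certificate's tag into a permission set.

    None or an empty collection stands for an empty or missing tag.
    missing_means_all=False: it denies everything (the reading in this message).
    missing_means_all=True:  it delegates everything (the alternative mentioned).
    """
    if tag is ALL:
        return ALL
    if not tag:
        return ALL if missing_means_all else frozenset()
    return frozenset(tag)


def intersect(a: Tag, b: Tag) -> Tag:
    """Set intersection where ALL is the identity element."""
    if a is ALL:
        return b
    if b is ALL:
        return a
    return a & b


def effective_permissions(chain, missing_means_all: bool = False) -> Tag:
    """Reduce a delegation chain (root certificate first) by intersection.

    Each step can only keep or drop permissions, so an issuer can never
    pass on a permission it was not itself granted.
    """
    granted: Tag = ALL  # the verifier holds every permission over its own resource
    for tag in chain:
        granted = intersect(granted, normalize(tag, missing_means_all))
    return granted


# Constructed chain: the second issuer tries to hand out "admin", which it never held.
CHAIN = [{"read", "write", "delete"}, {"read", "write", "admin"}]
```

With a third certificate whose tag is missing (`CHAIN + [None]`), the deny-all reading yields the empty set, while the full-delegation reading leaves `{"read", "write"}` unchanged.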