[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tags removing permissions

> > I'm going to take a shot at this.  In our earlier conversations about
> > tag intersections, it became clear to me that no one can grant permissions
> > he doesn't have.  As such - and I think a basic understanding of set theory
> > supports this - no tag can do anything but remove permission.
> > 
> [...]
> This means, an empty or missing tag *grants* permission(s). Is this right?
> Regards, Franco

Well, no; my intent was to say that a certificate denies any permission
not granted by it, so that the proper meaning of an empty or missing
tag would be to deny all permission.  Not particularly useful, I
suppose, and I do seem to remember Ron Rivest or someone else proposing
that it should mean the opposite, or full delegation, as you suggest.
I'll have to go back and read that again.


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162