[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tags removing permissions

To: bt0008@sbc.com, franco@goldnet.ch
Subject: Re: Tags removing permissions
From: "Brian M. Thomas" <bt0008@entropy.sbc.com>
Date: Thu, 3 Apr 1997 13:51:00 -0600 (CST)
Cc: spki@c2.net
Sender: owner-spki@c2.net


> > I'm going to take a shot at this.  In our earlier conversations about
> > tag intersections, it became clear to me that no one can grant permissions
> > he doesn't have.  As such - and I think a basic understanding of set theory
> > supports this - no tag can do anything but remove permission.
> > 
> [...]
> 
> This means, an empty or missing tag *grants* permission(s). Is this right?
> 
> Regards, Franco
> 

Well, no; my intent was to say that a certificate denies any permission
not granted by it, so that the proper meaning of an empty or missing
tag would be to deny all permission.  Not particularly useful, I
suppose, and I do seem to remember Ron Rivest or someone else proposing
that it should mean the opposite, or full delegation, as you suggest.
I'll have to go back and read that again.

brian


Brian Thomas, CISSP - Distributed Systems Architect  bt0008@entropy.sbc.com
Southwestern Bell                                    bthomas@primary.net
One Bell Center,  Room 34G3                          Tel: 314 235 3141
St. Louis, MO 63101                                  Fax: 314 235 0162

Prev by Date: Tags removing permissions
Next by Date: Re: *-forms in tags
Prev by thread: Tags removing permissions
Next by thread: Re: Clever delegation ??
Index(es):
- Main
- Thread