[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding/subtracting permissions




Thank you, Ron Rivest, for your clarifying explanation of tags as
capabilities.


I'm still not sure that we can prescribe a truly useful general
system for tag-intersection, though.


What if I want to issue a cert saying that Hal has the (delegatable)
authority to telnet to highlab.zooko.com on any odd-numbered day of
the month, and then Hal wants to issue a cert delegating his 
"odd-day telnet" capability to Carl, except he will only allow Carl 
to use this capability on prime-numbered days of the month?


Sounds like to me that Hal and I and the sysadmin of
highlab.zooko.com are all going to have to agree on our own custom
tag-meanings and accompanying tag-intersection-rules.


If this is the case, then the tag-intersection rules that we are
thinking of here will have to take the role of "default" or
"suggested" rules, rather than official, general specifications.


Perhaps they should even be published separately from SPKI itself.


Regards,

Zooko

P.S. Of course I _could_ issue a cert consisting of 16 even-numbered 
"allowed-on-this-date" tags and Hal could issue a delegation cert 
consisting of 11 prime-numbered "allowed-on-this-date" tags, and 
Ron's generic tag-intersection rule would correctly handle this, 
but I don't think that this will apply generally.  What if I want to
allow something on even-numbered _minutes_ of the month?

Disclaimers follow:  I am not a cypherpunk.  NOT speaking for 
DigiCash or any other person or organization.  No PGP sig follows.


References: