Re: Adding/subtracting permissions
There are still some issues here which I don't fully understand.
One idea I've seen discussed would have allowed a mix of negative and
positive credentials in a single certificate. You could have a cert with
(1) Keyholder is honest and trustworthy
(2) But he has bad breath
By signing them jointly the issuer ensures that when the holder shows
the cert the verifier gets both pieces of information.
This does not work well though if, in the process of delegation, the
two tags can be separated. If the cert holder can delegate just item
(1) to another key he owns, then the intersection algorithm could strip
off item (2) and make it like the original issuer just asserted (1),
which was not his intention.
So, one way to resolve this is to not allow multiple auth tags in a cert.
However with the (*) notation we are back to having multiple tags, since
the (*) is equivalent to a set of tags. If we take Ron's example:
(vacation-not-ok-on (* set Monday Tuesday))
I am puzzled now about what it really means. As I understand the * notation,
this is defined to be equivalent to:
But if these tags are considered independently then as Ron described this
allows vacation any day of the week.
Does that mean that the original (*) form above had the same meaning, that
it did not mean, as it seemed to, "vacation OK any day but Monday or
Tuesday", but rather, "vacation OK any day of the week"?
Or is the fact that the two tags are bound together in the same cert
supposed to give a different meaning than considering them separately,
like in my first example above, where you really weren't supposed to be
able to separate the two tags?
Since I don't clearly understand what the first (*) tag above means, it
is not surprising that I am confused about what kinds of intersections
or delegations should be possible with it...
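
The separation problem raised in this message, as an added example that is not part of the original post and not SPKI reference code: a simplified model of tag intersection in which a delegation naming only part of what the issuer signed reduces the chain to that part. The tag names, the `StarSet` class and the `not_preserved` verifier check are hypothetical, and the equal-length list rule is a simplifying assumption.

```python
# Simplified model of tag intersection, not the SPKI reference algorithm.
# A tag is a str atom, a tuple (list form), or a StarSet for (* set ...).

class StarSet(frozenset):
    """Models (* set a b ...): matches any one of its members."""

def intersect(a, b):
    """Return the tag allowed by both a and b, or None if they share nothing."""
    if isinstance(a, StarSet) or isinstance(b, StarSet):
        s, other = (a, b) if isinstance(a, StarSet) else (b, a)
        hits = {r for m in s if (r := intersect(m, other)) is not None}
        if not hits:
            return None
        return next(iter(hits)) if len(hits) == 1 else StarSet(hits)
    if isinstance(a, tuple) and isinstance(b, tuple):
        if len(a) != len(b):  # simplification: only equal-length lists match
            return None
        parts = [intersect(x, y) for x, y in zip(a, b)]
        return None if None in parts else tuple(parts)
    return a if a == b else None

def reduce_chain(certs):
    """certs: tag lists, issuer's cert first. Returns tags surviving every link."""
    current = list(certs[0])
    for link in certs[1:]:
        current = [r for t in current for d in link
                   if (r := intersect(t, d)) is not None]
    return current

def not_preserved(issuer_tags, reduced):
    """Verifier-side check: issuer tags that did not survive unchanged."""
    return [t for t in issuer_tags if t not in reduced]

# Constructed sample data mirroring the two cases in the post.
JOINT_CERT = [("honest-and-trustworthy",), ("has-bad-breath",)]
SELF_DELEGATION = [("honest-and-trustworthy",)]   # holder passes on item (1) only
VACATION = [("vacation-not-ok-on", StarSet({"Monday", "Tuesday"}))]
NARROWED = [("vacation-not-ok-on", "Monday")]      # holder passes on Monday only

if __name__ == "__main__":
    for issued, delegated in ((JOINT_CERT, SELF_DELEGATION), (VACATION, NARROWED)):
        reduced = reduce_chain([issued, delegated])
        print("reduced:", reduced, "| lost:", not_preserved(issued, reduced))
```

In both cases the reduced chain looks like a plain grant from the original issuer, and only a comparison against the issuer's full tag list shows that a jointly signed statement was dropped or narrowed.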