[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding/subtracting permissions

Hal, You wrote:

>Or is the fact that the two tags are bound together in the same cert
>supposed to give a different meaning than considering them separately,
>like in my first example above, where you really weren't supposed to be
>able to separate the two tags?

The two issues "multi-tag" and "*-forms".

I believe that the intention of multi-tag certificates is that each tag
is considered as if it were from a separate certificate.  Gathering them
into a single cert is a matter of convenience and efficiency.  No particular
logical relationship is to be implied.

If the verifying party requires two tags be presented together to allow
exercise of some capability, it should be functionally equivalent to
present two certificates, one tag in each, or a two-tag certificate.
Such a joint-tag-required capability triggers the need for a Policy-Maker
mechanism at the point of verification, where (foreinstance) a conjunction
may be demanded.

Alternately, the issuer could fashion a single tag that combines the required
conditions as parameters.

I suppose that a contrived example might be that

    (tag (spend (* set (accountnum 123))
                (* range (amount (<1000)))))

*could* be equivalent to two tags (or certs)

    (tag (spend-acct (* set (accountnum 123))))    [ ANY AMOUNT YOU LIKE ]

    (tag (spend-amt (* range (amount (<1000)))))   [ ANY ACCOUNT NUMBER ]

*AS LONG AS* the verifier demands to see both an "accountnum tag" and
an "amount tag" before taking any action.  Such a form would not provide
much structure to spending authority, but PolicyMaker could then allow

    spend = spend-acct AND spend-amt    (I have no idea the real syntax)

The issue of *-forms (positive/negative) appears to be resolved that only
positive forms are "wise", since then intersections and unions do what one
would expect.  I see no apriori way to guarantee that the semantics of a
*-form be checked for positivity(!) so it is up to the wiles of the tag
originator (equals verifier) to ensure they do what was intended.

___TONY___ (speaking for myself, so they tell me).