
Re: intersection()



At 02:24 AM 4/18/97 -0400, Carl Ellison wrote:
>Peter,
>
>	I don't know how you built this message, but it came through in 2-point 
>type, or so, and my eyes aren't that good.
>
> - Carl
>

Half my battles with quality are actually caused by the fact that
my entire day-to-day system is an ever-continuing beta release. I'm
an eternal empirical scientist! One day my spelling checker works,
next day it doesn't; next day the mailbox is trashed, next moment
the mouse ceases to work... The other half is just me.

I was using IE4 preview's "outlook" beta-program, testing out its secure
mail stuff. I've gone back to trusty old Eudora for you (on what
must now be a beta-grade win95+ platform given how many system dlls
have changed in the last 7 days). Find below what I sent.

FYI, if one reads SPKI cert format ID and uses and implications
of definitions of terms from Trusted Systems type work of the late 70s,
the material and model is very precise and very carefully modeled
as a protection design, I would judge. I really misjudged this
initiative; hope I can make up for such bad judgement and
early skepticism, in the deployment and piloting phases!

Peter.

-----

3 questions.

(a) Is the notion of "SPKI certificate" limited to signed 5-tuples of the
form <Self, a, b, c, d>? Another name for this is a CRC (3.3.3 draft 25 Mar).

What is a signed value <x, a, b, c, d> where x != self, if it's not an "SPKI
certificate"?

(b) 3.3.3 says "...one can sign that generated body, using "a" private key of
Self." Can the private key selected really be different from the key
referenced by X?

(c) 3.3.1 the notion of intersection is not introduced for auth fields. 3.4
seems to imply that it's an "operator" (I am using operators in the sense of
looking at a generic 5-tuple (certificate body) as a specification for an
abstract algebra, a concrete instance of which assigns to "operator" some
mapping in the field over which auths are defined, and that mapping is named
"intersection").

The nature of the mapping is constrained to be of form (x1,x2)->y as 
default, yet no concrete mapping in any concrete field is specified.
(e.g. boolean and).

Is "default" the condition of absence of a policymaker program, or,
alternatively, the absence in an end-system's hard-coded reduction algebra of
a declaration for "intersection"?

We know such an operator may be expressed in a policymaker program, and in
general may be of form :- one or more bodies maps to one or more results.

We note that the policymaker rules may define a partial order in the field
of values of a given auth-field.

Is the default rule mapping playing the role of intersection always a
partial order?

Are all operators playing the role of intersection as in A=intersection(...)
required to be a less-than function in that partial order?? (3.4)

In reality, all this abstraction aside, is intersection really just meant
to mean less-than over some partial order of an auth field's values?
 
Whilst I get the overall gist of 3.4, I find it very confusing as to what the
scope and nature of my definitions for a conforming intersection() function
can be.
 

 
