[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth fields

Carl Ellison wrote:
> Hi Ron.
> At 11:10 AM 3/11/97 EST, Ron Rivest wrote:
> >You mentioned a "sorting order" for auth fields.  This implies that
> >you want what mathematicians call a "total order" on the elements, so that
> >between any two such elements you have a relationship (either greater,
> >less than or equal to).
> No, I had always been thinking of a partial order -- maybe a lattice --
> although it's not clear that any such lattice would be closed.
> E.g., in your filesystem example, 
> "ftp://cybercash.com/pub/cme/"
> and
> "ftp://theory.lcs.mit.edu/pub/rivest/"
> might theoretically be both subordinate to 
> "ftp:"
> but there might be no cert ever generated for that lattice point.
> The problem with thinking of such lattices, to me, is that for some real 
> uses of certs, we'll need to be able to do an occasional PolicyMaker 
> translation of <auth> -- something that I don't know how to express in such 
> a form.  A PolicyMaker program would join arbitrary places on such a
> lattice.

You want to be a bit careful about terminology here, because "join" and "meet"
are the defined operations on a lattice, if I remember things correctly. I
suspect that you didn't mean "join" in the lattice sense (and please don't ask
me to define that ... but I know a man who can ;-). Correct me if I'm wrong!



> Agree?
>  - Carl
> +------------------------------------------------------------------+
> |Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
> |CyberCash, Inc.                      http://www.cybercash.com/    |
> |207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
> |Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
> +------------------------------------------------------------------+

Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Follow-Ups: References: