
Re: KeyNote draft available




>This looks very interesting!  I am a bit confused about how the
>$ACTION_SIGNERS keys fit into the evaluation algorithm.  It says:
>
>>   The $ACTION_SIGNERS attribute is used to
>>   provide the initial keys to match against the KEY-PREDICATEs.
>
>Then in the description of the algorithm it says:
>
>>   For each KeyNote assertion passed to the evaluation engine, the
>>   following steps are taken:
>>
>>     The TRUST-PREDICATE expression is evaluated.  If the result is
>>     boolean TRUE, and the key expression in the KEY-PREDICATE 
>>     field is also true, the request is approved.  Otherwise, it is 
>>     rejected.
>>
>>   The KEY-PREDICATE field public-key expression is evaluated as 
>>   follows:
>>
>>     Let the key expression contain public key PK_i.  A boolean
>>     variable `PK_i' corresponds to this key.
>>
>>     If there is no assertion in which PK_i is the
>>     SIGNER, then the boolean variable `PK_i' is false.
>>      
>>     If there is at least one assertion in which PK_i is 
>>     the source, then the boolean variable `PK_i' is true 
>>     if and only if at least one of those assertions is true.
>
>I think it means that keys in $ACTION_SIGNERS get their PK_i evaluated
>to true, whether they are the SIGNER of any assertions or not, right?
>

Yes, that's right.  The $ACTION_SIGNERS have already "approved" the rest
of the action environment directly.

By the way, a simpler (informal) way to think of the semantics is "depth-first
search from the policy assertions."

>Another question:
>
>>   For each KeyNote assertion passed to the evaluation engine, the
>>   following steps are taken:
>
>Is this literally true, that if any of the assertions have a
>TRUST-PREDICATE evaluate to true, and the KEY-PREDICATE is also true,
>then the action is authorized?  What about:
>
>>   If the KEY-EXPR field is empty, it always
>>   evaluates to TRUE and is used for direct authorization of a
>>   TRUST-PREDICATE by a policy or a credential.
>
>Does this mean that a credential like:
>
>KEY-EXPR:
>TRUST-PREDICATE: true
>
>would authorize all actions?  It seems to meet the criteria in the rules.
>
Yes, assuming the SIGNER of the assertion is trusted back to some
policy statement for the particular action environment.

>Thanks for the clarifications,
>
>Hal Finney
>hal@rain.org
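
The evaluation rules discussed in this message, as an added example that is not part of the original e-mail or of the KeyNote draft: a small depth-first evaluator showing when a credential with an empty KEY-EXPR and a true TRUST-PREDICATE does and does not authorize a request. Assumptions: the key expression is reduced to a list of keys joined by OR, `POLICY` marks a local policy assertion, and all field, function and key names are hypothetical.

```python
# Added illustration: a simplified model of the quoted evaluation rules,
# not KeyNote's own code. Field and function names are hypothetical.
POLICY = "POLICY"  # assumed marker for the SIGNER of a local policy assertion

def key_true(key, assertions, env, signers, visiting):
    """PK_i is true if it is in $ACTION_SIGNERS, or if at least one
    assertion whose SIGNER is PK_i evaluates to true."""
    if key in signers:
        return True
    if key in visiting:  # a delegation cycle proves nothing
        return False
    return any(assertion_true(a, assertions, env, signers, visiting | {key})
               for a in assertions if a["signer"] == key)

def assertion_true(a, assertions, env, signers, visiting=frozenset()):
    """TRUST-PREDICATE must hold and the key expression must hold.
    Assumption: the key expression is a list of keys joined by OR;
    an empty list is TRUE, as the draft says for an empty KEY-EXPR."""
    if not a["trust"](env):
        return False
    return not a["keys"] or any(
        key_true(k, assertions, env, signers, visiting) for k in a["keys"])

def authorized(assertions, env, signers):
    """Depth-first search starting from the policy assertions."""
    return any(assertion_true(a, assertions, env, signers)
               for a in assertions if a["signer"] == POLICY)

# Constructed sample assertions (not from the draft).
policy = {"signer": POLICY, "keys": ["K_admin"],
          "trust": lambda e: e["app"] == "mail"}
delegation = {"signer": "K_admin", "keys": ["K_user"],
              "trust": lambda e: e["op"] == "read"}

def blanket(signer):
    """The credential from the question: empty KEY-EXPR, TRUST-PREDICATE true."""
    return {"signer": signer, "keys": [], "trust": lambda e: True}

if __name__ == "__main__":
    env = {"app": "mail", "op": "write"}
    print(authorized([policy, delegation], env, {"K_user"}))     # op is not "read"
    print(authorized([policy, blanket("K_rogue")], env, set()))  # signer not linked to policy
    print(authorized([policy, blanket("K_admin")], env, set()))  # signer trusted by policy
```

In this model the blanket credential only matters when its SIGNER is reachable from a policy assertion, and even then the policy's own TRUST-PREDICATE still bounds what is approved.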












