Re: KeyNote draft available
>This looks very interesting! I am a bit confused about how the
>$ACTION_SIGNERS keys fit into the evaluation algorithm. It says:
>
>> The $ACTION_SIGNERS attribute is used to
>> provide the initial keys to match against the KEY-PREDICATEs.
>
>Then in the description of the algorithm it says:
>
>> For each KeyNote assertion passed to the evaluation engine, the
>> following steps are taken:
>>
>> The TRUST-PREDICATE expression is evaluated. If the result is
>> boolean TRUE, and the key expression in the KEY-PREDICATE
>> field is also true, the request is approved. Otherwise, it is
>> rejected.
>>
>> The KEY-PREDICATE field public-key expression is evaluated as
>> follows:
>>
>> Let the key expression contain public key PK_i. A boolean
>> variable `PK_i' corresponds to this key.
>>
>> If there is no assertion in which PK_i is the
>> SIGNER, then the boolean variable `PK_i' is false.
>>
>> If there is at least one assertion in which PK_i is
>> the source, then the boolean variable `PK_i' is true
>> if and only if at least one of those assertions is true.
>
>I think it means that keys in $ACTION_SIGNERS get their PK_i evaluated
>to true, whether they are the SIGNER of any assertions or not, right?
>
Yes, that's right. The $ACTION_SIGNERS have already "approved" the rest
of the action environment directly.
By the way, a simpler (informal) way to think of the semantics is "depth
first search from the policy assertions".
>Another question:
>
>> For each KeyNote assertion passed to the evaluation engine, the
>> following steps are taken:
>
>Is this literally true, that if any of the assertions have a
>TRUST-PREDICATE evaluate to true, and the KEY-PREDICATE is also true,
>then the action is authorized? What about:
>
>> If the KEY-EXPR field is empty, it always
>> evaluates to TRUE and is used for direct authorization of a
>> TRUST-PREDICATE by a policy or a credential.
>
>Does this mean that a credential like:
>
>KEY-EXPR:
>TRUST-PREDICATE: true
>
>would authorize all actions? It seems to meet the criteria in the rules.
>
Yes, assuming the SIGNER of the assertion is trusted back to some
policy statement for the particular action environment.
>Thanks for the clarifications,
>
>Hal Finney
>hal@rain.org
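
The semantics confirmed in this thread, worked through as a toy evaluator. This is an added example, not code from the KeyNote draft or its authors; the dict layout, the tuple form of key expressions, the "POLICY" marker, the key names and the cycle rule are assumptions made for illustration.

```python
# Toy model of the evaluation discussed in this thread (added example).
# Assumptions: assertions are dicts; a key expression is "" (empty), a key
# name, or ("and"|"or", left, right); signer "POLICY" marks a policy assertion.

def eval_key_expr(expr, assertions, signers, env, visiting):
    if expr == "" or expr is None:
        return True                      # empty KEY-EXPR always evaluates to TRUE
    if isinstance(expr, tuple):
        op, left, right = expr
        lhs = eval_key_expr(left, assertions, signers, env, visiting)
        rhs = eval_key_expr(right, assertions, signers, env, visiting)
        return (lhs and rhs) if op == "and" else (lhs or rhs)
    return key_is_true(expr, assertions, signers, env, visiting)

def key_is_true(pk, assertions, signers, env, visiting):
    if pk in signers:                    # $ACTION_SIGNERS keys are true outright
        return True
    if pk in visiting:                   # assumption: a delegation cycle lends no support
        return False
    visiting = visiting | {pk}
    # True iff at least one assertion signed by pk is itself true.
    return any(assertion_is_true(a, assertions, signers, env, visiting)
               for a in assertions if a["signer"] == pk)

def assertion_is_true(a, assertions, signers, env, visiting=frozenset()):
    return bool(a["trust"](env)) and eval_key_expr(
        a["key_expr"], assertions, signers, env, visiting)

def approved(assertions, signers, env):
    # "Depth first search from the policy assertions": only they are roots.
    return any(assertion_is_true(a, assertions, signers, env)
               for a in assertions if a["signer"] == "POLICY")

# Constructed sample assertions (hypothetical key names).
POLICY = {"signer": "POLICY", "key_expr": "K_admin",
          "trust": lambda env: env["app"] == "mail"}
DELEGATE = {"signer": "K_admin", "key_expr": "K_user",
            "trust": lambda env: env["op"] == "read"}
# The credential from the question: empty KEY-EXPR, TRUST-PREDICATE true.
BLANKET = {"signer": "K_admin", "key_expr": "", "trust": lambda env: True}
ROGUE = {"signer": "K_rogue", "key_expr": "", "trust": lambda env: True}
```

With `BLANKET` present, every action the policy's own predicate admits is approved even with no action signers, while the same credential signed by `K_rogue` is never reached from a policy assertion and approves nothing.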