[475] in WWW Security List Archive
Re: Barring Bros Was:Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Tue Feb 28 18:19:53 1995
To: www-security@ns2.rutgers.edu
cc: hallam@dxal18.cern.ch
In-reply-to: Your message of "Tue, 28 Feb 1995 12:53:54 EST."
<9502281753.AA18736@link.osf.org>
Date: Tue, 28 Feb 1995 20:03:30 +0900
From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>> 1) The stock market board sets the attribute semantics.
>>
>> 2) Each company may define their own semantics.
>>
>> (1) is easiest to implement, (2) is easiest to administer. What is actually
>> needed is a set of Meta semantics which allow the creation of a semantics which
>> fits the application.
>Just where are the semantics encoded? Some sort of default
>authorization engine? Some standard set of operations, and a function
>involving those ops, attribute values, and values associated with the
>request to be processed?
Separate the ability to specify from the ability to resolve. If someone wants to
create a set of attributes which are only used between two parties that's fine.
There is no requirement for a third party to know what the precise restrictions
are. Indeed it may be a requirement for the attributes to be secret (i.e.
encrypted).
So, as a fallback we can specify the semantics on paper and let the
implementations sort it out. Or maybe the semantics _require_ manual
intervention.
But for the most general case we want to have some reliable standbys. We want a
set of attributes which can be understood by standard software and have a well
defined legal interpretation for the benefit of the courts.
Provided we allow for the inference engine itself to be defined by a link we can
always create arbitrarily complex/bizarre schemes as the need arises. What we
should ensure however is that the process is well defined at a level which
permits the parties to later on go to a third party and have an arbitration on
the position. If parties choose to engage in ill-defined and undecidable schemas,
well, we can't stop people cutting their own throats.
Phill.