RE: [dss] Policy-wise Server profile doc

[Trevor Perrin <trevp@trevp.net>]

At 10:24 AM 3/22/2004 -0500, you wrote:

>Hi Trevor, just to summarize, you question the relevance of supporting
>signed policy statements, partly because of complexity and partly because of
>the fact that, as the DSS Server must already trust its client to send only
>valid requests, it might as well also trust it to send policy.
>
>With respect to complexity, I'm sure we could support signed policy with a
>minimum of additional complexity.
>
>With respect to the latter, to my mind, you are conflating two different
>trust decisions that the DSS Server needs to make - 'Is the request coming
>from a trusted client?' and 'Do any policy statements in the request come
>from a trusted policy authority (that is authoritative for the document to
>be signed and the eventual recipient)?'
>
>The DSS Server makes the first trust decision based on the identity of the
>requestor and some criteria that defines the community of trusted clients.
>
>The DSS Server makes the second trust decision based on the origin of the
>policy statements, and some combination of the nature of the doc being
>signed and the eventual recipient.
>
>It may be the case that the two communities - 'trusted clients' and 'trusted
>policy authorities' are the same.

That's a good summary - I guess I think that the 1st community is a subset 
of the 2nd - trusted clients are also trusted policy authorities.

Or at least, if you trust them to send the input documents, you should 
trust them to the lesser degree of sending policy.

Trevor