

Subject: RE: [dss] Policy-wise Server profile doc


I feel there may be a need to separate out those controls which come from
the requester and those which are a set of "policy controls" which come from
an authority in separate optional inputs.

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 22 March 2004 17:01
> To: Paul Madsen
> Cc: dss@lists.oasis-open.org
> Subject: RE: [dss] Policy-wise Server profile doc
>
>
> At 10:24 AM 3/22/2004 -0500, you wrote:
>
> >Hi Trevor, just to summarize, you question the relevance of supporting
> >signed policy statements, partly because of complexity and partly because of
> >the fact that, as the DSS Server must already trust its client to send only
> >valid requests, it might as well also trust it to send policy.
> >
> >With respect to complexity, I'm sure we could support signed policy with a
> >minimum of additional complexity.
> >
> >With respect to the latter, to my mind, you are conflating two different
> >trust decisions that the DSS Server needs to make - 'Is the request coming
> >from a trusted client?' and 'Do any policy statements in the request come
> >from a trusted policy authority (that is authoritative for the document to
> >be signed and the eventual recipient)?'
> >
> >The DSS Server makes the first trust decision based on the identity of the
> >requestor and some criteria that define the community of trusted clients.
> >
> >The DSS Server makes the second trust decision based on the origin of the
> >policy statements, and some combination of the nature of the doc being
> >signed and the eventual recipient.
> >
> >It may be the case that the two communities - 'trusted clients' and 'trusted
> >policy authorities' are the same.
>
> That's a good summary - I guess I think that the 1st community is a subset
> of the 2nd - trusted clients are also trusted policy authorities.
>
> Or at least, if you trust them to send the input documents, you should
> trust them to the lesser degree of sending policy.
>
> Trevor





