OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xdi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xdi] A quick link contract riddle


On Mon, Jul 15, 2013 at 11:36 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:
I thought I'd share this with the list:

Let's say we have this graph:

 =a*b<+c>&/&/"hello"
 =a/+friend/=x

And this link contract in the same graph:

 $do/$get/=a*b

Now let's look at the following two messages:

Message 1:

 =sender[$msg]!1$do/$get/(=a/+friend/=x)
 =sender[$msg]!1/$do/$do

Message 2:

 =sender[$msg]!1$do/$get/(=a/()/*b)
 =sender[$msg]!1/$do/$do

Message 1 will obviously fail, because the link contract doesn't cover the requested statement.

Now my question is, will Message 2 fail or succeed? Anyone?

It should succeed. Reason: If the link contract authorizes the sender (which you didn't show any policy for) to get =a*b, then I believe it should authorize the sender to discover that =a has a subcontext *b. In otherwise, implicit context statements should be included in the authorization policy.

If it ends out being a security issue, I could see us adding a policy statement covering whether discovery of implicit statements is allowed under the link contract or not.

Is that what you are asking?

=Drummond 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]