OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xdi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xdi] RE: [External] Re: [xdi] A quick link contract riddle

Bill, yes, see the summary of the syntax at https://wiki.oasis-open.org/xdi/GraphModelStructure. This was the result of the syntax simplification effort that took most of the spring.

On Tue, Jul 16, 2013 at 6:21 AM, Barnhill, William [USA] <barnhill_william@bah.com> wrote:

Syntax question from the example…can XDI addresses have GT and LT signs in them now? Ex: =a*b<+c>&/&/"hello"



From: xdi@lists.oasis-open.org [mailto:xdi@lists.oasis-open.org] On Behalf Of Drummond Reed
Sent: Tuesday, July 16, 2013 3:59 AM
To: Markus Sabadello
Subject: [External] Re: [xdi] A quick link contract riddle


On Mon, Jul 15, 2013 at 11:36 AM, Markus Sabadello <markus.sabadello@xdi.org> wrote:

I thought I'd share this with the list:


Let's say we have this graph:





And this link contract in the same graph:




Now let's look at the following two messages:


Message 1:





Message 2:





Message 1 will obviously fail, because the link contract doesn't cover the requested statement.


Now my question is, will Message 2 fail or succeed? Anyone?


It should succeed. Reason: If the link contract authorizes the sender (which you didn't show any policy for) to get =a*b, then I believe it should authorize the sender to discover that =a has a subcontext *b. In otherwise, implicit context statements should be included in the authorization policy.


If it ends out being a security issue, I could see us adding a policy statement covering whether discovery of implicit statements is allowed under the link contract or not.


Is that what you are asking?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]