- From: Stephen Farrell <stephen.farrell@baltimore.ie>
- Date: Wed, 04 Dec 2002 15:05:45 +0000
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- CC: Daniel Ash <dash@68summit.com>, Just.Mike@tbs-sct.gc.ca, reagle@w3.org, www-xkms@w3.org
> > In that case, I still have to ask whether valid(p1,p2)=>valid(p1)
> > and regardless of whether that's a "yes" or "no", what goes in
> > the spec?
>
> OK, I believe the answer is yes.
So its wrong/a bad idea to define & use p1, p2 & p3 as follows:
p1: key is generated according to rules a,b,c
p2: key is good for €1000
p3: key is good for $1000
where a responder is configured (howsoever) with the following
logic:
if (p1) {
if (p2 || p3) status=notYetInvalid;
} else {
status=Invalid;
}
Does that sufficiently illustrate the quagmire of exposing policy
arithmetic? I'm sure equally daft examples could be given if
you'd said "no" above.
But, I don't think we need take this further for now (unless someone
else wants to chime in), until we've text that captures this thread.
Stephen.
--
____________________________________________________________
Stephen Farrell
Baltimore Technologies, tel: (direct line) +353 1 881 6716
39 Parkgate Street, fax: +353 1 881 7000
Dublin 8. mailto:stephen.farrell@baltimore.ie
Ireland http://www.baltimore.com
Received on Wednesday, 4 December 2002 10:09:41 UTC