On 20/08/2019 11:18, Peter van der Stok wrote:
Example: If you have a CWT authorizing A for audience Z and you now also need authorization B for audience Z, you should request a CWT for A+B for audience Z, that replaces your previous one.Do I understand? two possibilities: A and B are members of audience Z; no new CWT neededB is a new member of audience Z; then audience Z becomes audience Z-prime and a new CWT seems reasonable.Peter
No Peter,sorry for being unclear. In my example A and B were permissions. Let me clarify:
You have a CWT authorizing to "read" (that's my A) traffic in group Z, now you also want authorization to "write" messages to group Z (that's my B). What I'm saying is you should get a new CWT that says "read+write on Z" (and not a separate one that says "write on Z" to combine with the first one "read on Z").
/Ludwig -- Ludwig Seitz, PhD Security Lab, RISE Phone +46(0)70-349 92 51
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
