On 7 Nov 2012, at 01:39, Benjamin Kaduk wrote: >> [After the lifetime, byte-life, etc fields are specified] >> + The identity in the new "combined" token is an application-specific >> + combination of the identities of the input tokens; note that this >> + combination may not be commutative. > > In particular the combined identity need not represent either the union nor > intersection of the privileges associated with the two identities. (Right? I > had asked rougly this question earlier but I don't think I got a reply.)
Right. The nature of the combined entity is entirely up to the application. It can chose to use as much (or as little) information from the provided tokens as it wishes. I wonder if we can be even less specific, and just have: + The identity in the new "combined" token is an application-specific + combination of the identities of the input tokens. Application specific covers that it may, or may not be, commutative. Cheers, Simon _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
