Folks, These are just some thoughts inspired by our discussion on user list and the multi-level representation for labels.
What do you think if role labels could have embedded, interpretable, simple micro-grammar structure that if present could be used to augment the role label semantics with additional meaning - e.g. place, time, relationship. For example: if regular label is followed by : :read:4294967295 or read:4294967295-4294967312 this would mean that this role label is effective between these timestamps. We could further expand the grammar to include some of the simple and easily verifiable conventions. for instance label: administrator@tn could mean that this is a role of an administrator but effective only for the state of Tennessee. = could mean "is" read=administrator@tn Would indicate read privileges at the admin level at Tennessee. -- Edmon
