Trust rules for csi-v2:

We derive B from Kb by authentication (Kb => B);
B controls A means that B is trusted on A;
B|A means B is quoting A; (or) B says A says s;
B|A is a quoting principal; (Abadi et al.)

B is auth token identity;
A is identity token identity;

Backward trust:
  Kb => B;
  Local Trust Root controls: B controls A (B is trusted to assert A) (local trust rules)
  B|A says s; (s is request that is invoked as A)

Forward trust:
  Kb => B;
  Kz controls (B is a proxy for A); (this is authorization assertion signed by Kz);
  B|A says s; (s is request that is invoked as A)

Csi-v2 principals:
  QuotingPrincipal class has getQuotedPrincipal() (A) and getQuotingPrincipal() (B) methods;
  QuotingPrincipal instance is added to the subject;
  We can write authorization rules in terms of B|A, e.g. map B|A into roles.

Comments?

Simon
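
The backward and forward trust rules above, worked through as an added Java example that is not part of the original message or of any CSIv2 implementation. The String-based QuotingPrincipal, the ProxyAssertion record, the accept/rolesFor helpers and the sample policy are hypothetical, and the Kz signature on the assertion is assumed to have been verified before accept() is called.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class CsiV2TrustDemo {
    /** B|A: B (auth token identity) quoting A (identity token identity). Hypothetical shape. */
    static final class QuotingPrincipal implements Principal {
        private final String quoting, quoted;
        QuotingPrincipal(String quoting, String quoted) { this.quoting = quoting; this.quoted = quoted; }
        String getQuotingPrincipal() { return quoting; }  // B
        String getQuotedPrincipal() { return quoted; }    // A
        @Override public String getName() { return quoting + "|" + quoted; }
    }

    /** Forward trust: "proxy is a proxy for target"; signature assumed already checked against issuerKey. */
    record ProxyAssertion(String issuerKey, String proxy, String target) {}

    // Constructed sample policy.
    static final Map<String, Set<String>> LOCAL_CONTROLS = Map.of("B", Set.of("A")); // backward: B controls A
    static final Set<String> TRUSTED_ISSUERS = Set.of("Kz");                          // forward: Kz controls
    static final Map<String, Set<String>> ROLES = Map.of("B|A", Set.of("teller"));   // roles keyed on B|A

    /** b must already be derived from Kb by authentication (Kb => B). Empty result means B may not quote A. */
    static Optional<Subject> accept(String b, String a, ProxyAssertion assertion) {
        boolean backward = LOCAL_CONTROLS.getOrDefault(b, Set.of()).contains(a);
        boolean forward = assertion != null
                && TRUSTED_ISSUERS.contains(assertion.issuerKey())
                && assertion.proxy().equals(b) && assertion.target().equals(a);
        if (!backward && !forward) return Optional.empty(); // reject; never invoke s as A
        Subject subject = new Subject();
        subject.getPrincipals().add(new QuotingPrincipal(b, a)); // B|A says s
        return Optional.of(subject);
    }

    /** Authorization is written against B|A, not against A alone. */
    static Set<String> rolesFor(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (QuotingPrincipal qp : subject.getPrincipals(QuotingPrincipal.class))
            roles.addAll(ROLES.getOrDefault(qp.getName(), Set.of()));
        return roles;
    }

    public static void main(String[] args) {
        System.out.println(accept("B", "A", null).map(CsiV2TrustDemo::rolesFor)); // backward trust
        System.out.println(accept("C", "A", new ProxyAssertion("Kz", "C", "A")).map(CsiV2TrustDemo::rolesFor)); // forward trust
        System.out.println(accept("C", "A", new ProxyAssertion("Kx", "C", "A")).isPresent()); // issuer not trusted
    }
}
```

Because roles are keyed on the full B|A name, a proxy accepted through forward trust gets no roles until a rule for that specific quoting pair exists.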
