-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I am trying to find out how to implement the USER-CHAIN-ACL access control policy defined in this I-D as a script, and there is something I do not understand.
First of all, I assume that this draft is using the features defined in base-13 and that no modifications in the -base document is needed to develop this policy. My problem is with the 4th paragraph of section 3: "Access Control Policy: To ensure write access to Shared Resource by Authorized Peers, each Usage MUST permit the USER-CHAIN-ACL access policy (see Section 5.4) in addition to its regular access policies (USER-MATCH, USER-NODE-MATCH, etc.)." I do not see in -base how two (or more) Access Control Policies can be used for one Kind. We have the same thing in draft-knauf-p2psip-disco: "Access Control Policy: Authorized focus peers are allowed to write the DisCo-Registration using the USER-CHAIN-ACL access policy. The conference creator (and resource owner) is the only exception: he is allowed to write based on the USER-MATCH or USER-PATTERN- MATCH policy." How a kind (DisCo-Registration in this case) can use two different access control policy? (Note that the configuration schema clearly states that a kind element contains one data-model element and one access-control element). Thanks. - -- Marc Petit-Huguenin Personal email: [email protected] Professional email: [email protected] Blog: http://blog.marc.petit-huguenin.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk3NwaAACgkQ9RoMZyVa61dlZwCeNlDcg0W7NiYYF7AuiXCmvWkS 6V4AniHrLWAEQjTYb3M3JqQ8jvO5BOD3 =U1x+ -----END PGP SIGNATURE----- _______________________________________________ P2PSIP mailing list [email protected] https://www.ietf.org/mailman/listinfo/p2psip
