-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/20/2011 07:15 AM, Alexander Knauf wrote:
> Hi again,
>
> On 17.05.2011 01:15, Marc Petit-Huguenin wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Alexander,
>>
>> On 05/16/2011 02:41 AM, Alexander Knauf wrote:
>>> Hi Marc,
>>>
>>> thanks for your feedback!
>>>
>>>
>>> On 14.05.2011 01:41, Marc Petit-Huguenin wrote:
>>> My problem is with the 4th paragraph of section 3:
>>>
>>> "Access Control Policy: To ensure write access to Shared Resource by
>>> Authorized Peers, each Usage MUST permit the USER-CHAIN-ACL access
>>> policy (see Section 5.4) in addition to its regular access
>>> policies (USER-MATCH, USER-NODE-MATCH, etc.)."
>>>
>>> I do not see in -base how two (or more) Access Control Policies can be used
>>> for one Kind.
>>>> I also see this conflict in the XML overlay config. document that only
>>>> allows a single access control policy per Kind. If it would support
>>>> multiple access policies, something like this:
>>>> kind-parameter &= element access-control { access-control-type }*   <-- note the asterisk, compare with base -13 p.122
>>>> the receiver of a store request could iterate over those policies,
>>>> trying if any of them is true.
>> Well, in this case I suggest that you talk to the -base authors to add this
>> behavior in the spec (Note that I am not saying that this is a good idea).
> Well, we were discussing alternatives to this and have the idea of some kind
> of "all-in-one" access control policy. Let's say the USER-CHAIN-ACL could be
> defined like:
>
> "a given value must be written if the request is signed with a private key
> whose hash..and-so-on"
> OR
> "must be written if <some text for the other policy> "
>
> We only specify one access policy per Kind that allows two variants for
> storage access.
OK, I think that with that I can write the scripts for the access policies, and
be sure that the next version of my draft contains everything to implement them.
I'll publish it (and the updated code for the tester) just after you publish
your updated draft.
Thanks.
- --
Marc Petit-Huguenin
Personal email: [email protected]
Professional email: [email protected]
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3WfkIACgkQ9RoMZyVa61f50QCgndPwhVJn1Te6aJ8ApG6jIAEI
tgIAn1AfPkyGw6DiSw2EH6JOnpWFwhmA
=YRCz
-----END PGP SIGNATURE-----
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
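
The "any of them is true" evaluation discussed in this thread, sketched as an added example that is not part of the original messages or of either draft. The `AclItem` layout, the policy function names, the delegation rule and the SHA-1/128-bit Resource-ID hash are simplifying assumptions; signature verification is assumed to have happened already.

```python
import hashlib
from dataclasses import dataclass

def resource_id(name: str) -> bytes:
    # Assumption: SHA-1 truncated to 128 bits stands in for the overlay hash.
    return hashlib.sha1(name.encode()).digest()[:16]

@dataclass(frozen=True)
class AclItem:  # hypothetical, simplified ACL entry: from_user grants to_user
    from_user: str
    to_user: str
    allow_delegation: bool

def user_match(signer, rid, acl):
    # The signer's user name must hash to the Resource-ID being written.
    return resource_id(signer) == rid

def chain_acl_match(signer, rid, acl):
    # Grants count only if they trace back to the resource owner, and an
    # intermediate user may extend the chain only if allowed to delegate.
    may_grant = {i.from_user for i in acl if resource_id(i.from_user) == rid}
    authorized = set()
    changed = True
    while changed:  # the sets only grow, so this terminates even on cycles
        changed = False
        for item in acl:
            if item.from_user not in may_grant:
                continue
            if item.to_user not in authorized:
                authorized.add(item.to_user)
                changed = True
            if item.allow_delegation and item.to_user not in may_grant:
                may_grant.add(item.to_user)
                changed = True
    return signer in authorized

POLICIES = {"USER-MATCH": user_match, "USER-CHAIN-ACL": chain_acl_match}

def store_allowed(kind_policies, signer, rid, acl):
    # `signer` is the user name from the already verified request signature.
    # OR semantics: any policy that holds admits the write. Unknown policy
    # names and an empty list admit nothing (deny by default).
    return any(POLICIES[p](signer, rid, acl) for p in kind_policies if p in POLICIES)

# Constructed sample data, not taken from the thread.
OWNER = "alice@example.org"
RID = resource_id(OWNER)
ACL = [AclItem(OWNER, "bob@example.org", True),
       AclItem("bob@example.org", "carol@example.org", False),
       AclItem("carol@example.org", "dave@example.org", False),
       AclItem("mallory@example.org", "mallory@example.org", True)]
```

With the chain variant alone the owner is not admitted unless an ACL item names them, which is why the single combined policy proposed above needs both variants joined by OR.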