[Previous] [Next] [Index]
[Thread]
Re: Barring Bros Was:Re: SLL protocol implementation ?
>> 1) The stock market board sets the attribute semantics.
>>
>> 2) Each company may define their own semantics.
>>
>> (1) is easiest to implement, (2) is easiest to administer. What is actually
<> needed is a set of Meta semantics which allow the creation of a semantics
which
>> fits the application.
>Just where are the semantics encoded? Some sort of default
>authorization engine? Some standard set of operations, and a function
>involving those ops, attribute values, and values associated with the
>request to be processed?
Separate the ability to specify from the ability to resolve, If someone wants to
create a set of attributes which are only used between two parties thats fine.
There is no requirement for a third party to know what the precise restrictions
are. Indeed it may be a requirement for the attributes to be secret (ie
encrypted).
So, as a fallback we can specify the semantics on paper and let the
implementations sort it out. Or maybe the sematics _require_ manual
intervention.
But for the most general case we want to have some reliable standbys. We want a
set of attributes which can be understood by standard software and have a well
defined legal interpretation for the benefit of the courts.
Provided we allow for the inference engine itself to be defined by a link we can
always create arbitarily complex/bizare schemes as the need arises. what we
should ensure however is that the process is is well defined at a level which
permits the parties to later on go to a third party and have an arbitration on
the position. If parties chose to engage in ill defined and undecidable schemas
well we can't stop people cutting their own throats.
Phill.
References: