[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "trust management" vs. "certified identity"



...
>That's not to say that the certification approach can't be general, though.  
>It occurred to me that a very general certificate format would
>simply be to sign some assertions (predicates), and then 
>feed all available signed predicates plus some axioms (the analogue 
>of root keys) into a theorem prover.  Sounds slow though.  More 
>practically perhaps, you could sign some kind of (safe) interpreted code, 
>and have the verifier execute it on some initial variable set to come up with
>some access decision.  
>
Yes.  That's pretty much PolicyMaker in a nutshell.

-matt