[Cap-Talk] Re: Take two: Where would a SPKI/SDSI authorization certificate go?
David L. Nicol
david@kasey.umkc.edu
Mon, 16 Jul 2001 14:05:23 -0500
> BEGIN PROPOSAL 2
>
> 7.1.11. AUTHORIZE Command
>
> Arguments: a [RFC2692/RFC2693] SPKI Authorization Certificate
>
> Data: None
>
> Result: 2.0
> 7.1 Certificate does not signify anything
> 7.2 Certificate expired
> 7.3 Certificate VCAR denied
> 7.4 Too many bad certificates
>
> The "AUTHORIZE" command allows the UPN to acquire additional
> VCARs for the duration of the current session. This command
> may only be called in the Identified State.
>
> The CS determines through an internal mechanism if the
> credential supplied permits the granting of any VCAR. If it
> does, the UPN may acquire the new VCAR for the current session,
> otherwise a security error is returned.
>
> END PROPOSAL 2
The text following a 2.0 response code SHOULD be a
human-readable,
localized to the UPN's preference, describing the access right granted,
such as "você pode editar descrições do evento no quarto de reunião #4
em quarta-feira de 2 a 4 PM."
VCARs acquired through SPKI certificate MAY persistently associate with
the UPN, or not, according to the CS. All VCARs acquired by the Anonymous
UPN MUST be associated with the particular session only, and MUST be
released on session end.