1 Apr 2010 15:50
Re: kdc-model: Separation of KeySets
Thomas Hardjono <hardjono <at> MIT.EDU>
2010-04-01 13:50:37 GMT
> -----Original Message-----
> From: ietf-krb-wg-bounces <at> lists.anl.gov
> [mailto:ietf-krb-wg-bounces <at> lists.anl.gov] On Behalf Of Jeffrey Hutzelman
> Sent: Wednesday, March 31, 2010 3:06 PM
> To: Henry B. Hotz; Greg Hudson
> Cc: ietf-krb-wg <at> lists.anl.gov; Sam Hartman; jhutz <at> cmu.edu
> Subject: Re: [Ietf-krb-wg] kdc-model: Separation of KeySets
>
> --On Wednesday, March 31, 2010 11:04:42 AM -0700 "Henry B. Hotz"
> <hotz <at> jpl.nasa.gov> wrote:
>
> >
> > On Mar 31, 2010, at 9:43 AM, Greg Hudson wrote:
> >
> >> I feel a little weird saying "MUST facilitate," but the concept being
> >> expressed here is a little vague.
> >
> >
> > MUST restrict (protect?) access to KeySet data.
> >
> > MAY allow less restrictive access to other data.
>
> We're getting ahead of ourselves here. This is a data model document, not
> a schema document. Implementations of this document are schemas, and the
> goal was to REQUIRE schemas to separate KeySet and other data sufficiently
> well that an implementation of the schema would give the administrator the
> flexibility to do so operationally. I think we've been trying to avoid, in
> this document, defining requirements for implementations of schemas based
> on it.

I'm following this thread and have to agree with Jeff. This is an
Information Model document. Why are we talking about key protection,
access control, etc. etc. in this doc?

/thomas/

_______________________________________________
ietf-krb-wg mailing list
ietf-krb-wg <at> lists.anl.gov
https://lists.anl.gov/mailman/listinfo/ietf-krb-wg