From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
On Thu, Mar 11, 2004 at 03:17:01PM -0500, Alan DeKok wrote:
The domain publishing LMAP information is publishing a policy: Who
is authorized to use it's name.
No. That's not a policy, that's authorization.
Hadmut, it is a policy. It is not authorization in this context. The
record is there because someone was authorized to put it there but it
is not authorization data as far as I am concerned.
The MTA receiving an SMTP connection
may choose to enforce that policy. That enforcement is called
authorization.
No. The receiving MTA is enforcing it's own policy. It's the
receiver's policy to accept, tag, reject, burn unauthorized messages.
The receiving MTA has an authorization policy.
Be careful with wording here. You just swapped them.
Alan is not entirely consistent with the language that has been
developed by the field but he is a lot closer.
The best model here is to look at the work we have done here
in the context of Web Services, in particular SAML and
WS-Policy.
Phill