
Re: Authentication and Authorization

2004-03-11 13:54:30

Hadmut Danisch <hadmut(_at_)danisch(_dot_)de> wrote:
> The domain publishing LMAP information is publishing a policy: Who
> is authorized to use its name.

  No. That's not a policy, that's authorization.

  The set of authorization information, and the rules for when to
apply them, is called a "policy".

  e.g. "We allow employees to enter our secret lab, but not clients."

  The application of that policy is called "authorization".

  e.g. "This person is a client.  The policy states that they are not
allowed to enter the secret lab, so the security guard does not
authorize them to enter it."

  Note that one part of the policy may be that authentication is
required, and what kind of authentication is required.

  e.g. "Sorry, sir.  You claim you're an employee named Bob, but we need
to see a company-issued identity card before we let you into the
secret lab."

  Some people may not be authorized to use certain kinds of

  e.g. "You're wearing a FedEx uniform.  I don't care that you have an
employee card issued by the company, I'm not letting you in to our
secret lab."

> The receiving MTA is enforcing its own policy. It's the
> receiver's policy to accept, tag, reject, burn unauthorized messages.

  The receiving MTA may also be enforcing the domain's published LMAP
policy.  There's no requirement for it to follow that policy, though.

  Alan DeKok.
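The distinction drawn in this message, as an added example that is not part of the thread and not code from any LMAP proposal: a domain publishes authorization data (which hosts may use its name), a receiving MTA applies its own policy to the result of that check, and that policy may additionally demand authentication. The domain names, address ranges, the `authenticated` flag and the action names are all constructed for illustration.

```python
"""Published authorization data vs. receiver policy vs. authentication.

Added illustration; every domain, address and rule here is constructed.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List

# Constructed stand-in for what a domain would publish under an LMAP-style
# scheme: the hosts authorized to use the domain's name as a sender.
# This is authorization data, not a policy: it says nothing about what a
# receiver should do with a message that fails the check.
PUBLISHED_AUTHORIZATION: Dict[str, List[str]] = {
    "example.com": ["192.0.2.0/24", "198.51.100.10"],
    "example.net": [],  # publishes a record but authorizes no host at all
}


def check_authorization(sender_domain: str, client_ip: str) -> str:
    """Apply the sender domain's published data to one SMTP connection.

    Returns "pass" (host is authorized), "fail" (host is not), or "none"
    (the domain publishes nothing, so no statement can be made).
    """
    networks = PUBLISHED_AUTHORIZATION.get(sender_domain)
    if networks is None:
        return "none"
    addr = ip_address(client_ip)
    return "pass" if any(addr in ip_network(n, strict=False) for n in networks) else "fail"


@dataclass(frozen=True)
class Connection:
    """What the receiving MTA knows about the session (constructed fields)."""
    sender_domain: str
    client_ip: str
    authenticated: bool = False  # e.g. SMTP AUTH or client-cert success


@dataclass
class ReceiverPolicy:
    """The receiving MTA's own policy.

    The receiver decides how to map each authorization result to an action;
    it is under no obligation to reject on "fail" just because the domain
    published a record.  It may also require authentication for some domains
    regardless of what the published data says.
    """
    actions: Dict[str, str] = field(
        default_factory=lambda: {"pass": "accept", "fail": "reject", "none": "tag"}
    )
    require_auth_for: FrozenSet[str] = frozenset()


def decide(conn: Connection, policy: ReceiverPolicy) -> str:
    """Return the receiver's action for this connection under its policy."""
    # Part of the policy may be that authentication is required at all:
    # an unauthenticated claim to be example.com is refused before the
    # published authorization data is even consulted.
    if conn.sender_domain in policy.require_auth_for and not conn.authenticated:
        return "reject"
    result = check_authorization(conn.sender_domain, conn.client_ip)
    return policy.actions[result]


if __name__ == "__main__":
    strict = ReceiverPolicy()
    lenient = ReceiverPolicy(actions={"pass": "accept", "fail": "tag", "none": "accept"})
    forged = Connection("example.com", "203.0.113.5")
    # Same published data, same connection, two receivers, two outcomes.
    print("strict receiver :", decide(forged, strict))   # reject
    print("lenient receiver:", decide(forged, lenient))  # tag
```

The two `ReceiverPolicy` instances at the bottom make the last point of the message concrete: the published record only yields "fail"; whether that becomes a rejection or a tag is the receiver's choice, and a receiver that wants authentication can insist on it independently of what the domain published.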