[Top] [All Lists]

Re: OPES and content path security

2002-03-12 22:13:28


We may want to extend the notion above to encompass callout
servers, but I'm not sure.

I would say 'yes', it should be extended to emcompass callout servers, in particular as callout servers might be in an authoritative domain different from the one the OPES intermediary is in.

A topic for discussion, I believe, is whether or not "transparent"
delegation is allowed, [...]

What exactly do you mean by "transparent" delegation? Do you mean sort of "transitive", i.e. if A trusts B and B trusts C, than B can "transparently" delegate authority given by A to C?

Should the OPES callout servers be visible parts of the delegation

Hm, I would say 'yes', see above. It might, for example, be possible that the same service is available on different callout servers, but I only trust few of them...

In the consideration 2.2 below, it appears to me that that the only
OPES intermediaries permitted would be one "hop" away from the end-user,
effectively preventing any publisher-authorized intermediaries.

Isn't it the case that the publisher also is an end-user, thus allowing the publisher to authorize intermediaries one hop away?

Further, while this language would seem to preclude chained
intermediaries, later language specfically overrides this notion,
apparently allowing trusted chains of intermediaries, possibly without
explicit trust relationships (?).

Could you give a specific example where the docment later overrides this notion? You're certainly right that we need to clarify this.


<Prev in Thread] Current Thread [Next in Thread>