Date: Mon, 16 Aug 1993 17:42:06 +0100
From:
P(_dot_)V(_dot_)McMahon(_at_)rea0803(_dot_)wins(_dot_)icl(_dot_)co(_dot_)uk
...
a subject which the AAC WG ought to address. Nothwithstanding such
organisational concerns, it certainly seems to be inappropriate
to effectively entrench an access control mechanism by default (which
seemed to me to be the intent of Jeff's remarks).
Actually I believe we agree. I didn't intend to bias things toward
"pull" model versus "push" model. My point is simply that these
decisions, which you accurately label as access control decisions,
belong outside the signed contents of an X.509 certificate.
My example was to use server based access control, but PA certs will
work as well.
-Jeff