[x500standard] Re: relying party or privilege verifier
- From: "Erik Andersen" <era@xxxxxxx>
- To: <x500standard@xxxxxxxxxxxxx>
- Date: Wed, 9 Apr 2014 09:07:47 +0200
Hi David,
It is mostly a philosophical question whether privilege verifier is part of
relying party. I do not believe it is stated anywhere in X.509. I believe an
innocent reader will be confused when the whole section talks about
privilege verifier and suddenly see relying party as synonym.
Regards,
Erik
-----Original Message-----
From: x500standard-bounce@xxxxxxxxxxxxx
[mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of David Chadwick
Sent: Tuesday, April 08, 2014 7:02 PM
To: x500standard@xxxxxxxxxxxxx
Subject: [x500standard] Re: relying party or privilege verifier
Hi Erik
they are the same entity, arent they? The privilege verifier is a component
of the relying party
regards
David
On 08/04/2014 15:45, Erik Andersen wrote:
> The second to the last paragraph of clause 13 of X.509 says:
>
>
>
> In both deployment models, the SOA issues attributes/privileges to
> subordinate AAs. The AAs then request the DS to issue a subset of
> these privilege attributes to other holders. In the second deployment
> model, the DS can check that an AA is delegating within the overall
> scope set by the SOA; in the first deployment model, the DS cannot
> check and the relying party will have to check that delegation was
performed correctly.
>
>
>
> I assume that it should say "privilege verifier" instead of "relying
> party". Right?
>
>
>
> Erik
>
>
>
>
>
-----
www.x500standard.com: The central source for information on the X.500
Directory Standard.
-----
www.x500standard.com: The central source for information on the X.500 Directory
Standard.
Other related posts:
