[x500standard] Re: relying party or privilege verifier

• From: David Chadwick <d.w.chadwick@xxxxxxxxxx>
• To: x500standard@xxxxxxxxxxxxx
• Date: Wed, 09 Apr 2014 09:42:37 +0100

Hi Erik

the definitions from the standard are as follows

privilege verifier:  An entity verifying certificates against a
privilege policy.

relying party:  A user or agent that relies on the data in a certificate
in making decisions.

It does not take too much inference to work out that a privilege
verifier is a subtype of relying party. But we could add a clarifying
sentence to the definition of privilege verifier to say "A type or
component of a relying party".

regards

David

On 09/04/2014 08:07, Erik Andersen wrote:
> Hi David,
> 
> It is mostly a philosophical question whether privilege verifier is part of
> relying party. I do not believe it is stated anywhere in X.509. I believe an
> innocent reader will be confused when the whole section talks about
> privilege verifier and suddenly see relying party as  synonym.
>  
> Regards,
> 
> Erik
> -----Original Message-----
> From: x500standard-bounce@xxxxxxxxxxxxx
> [mailto:x500standard-bounce@xxxxxxxxxxxxx] On Behalf Of David Chadwick
> Sent: Tuesday, April 08, 2014 7:02 PM
> To: x500standard@xxxxxxxxxxxxx
> Subject: [x500standard] Re: relying party or privilege verifier
> 
> Hi Erik
> 
> they are the same entity, arent they? The privilege verifier is a component
> of the relying party
> 
> regards
> 
> David
> 
> 
> On 08/04/2014 15:45, Erik Andersen wrote:
>> The second to the last paragraph of clause 13 of X.509 says:
>>
>>  
>>
>> In both deployment models, the SOA issues attributes/privileges to 
>> subordinate AAs. The AAs then request the DS to issue a subset of 
>> these privilege attributes to other holders. In the second deployment 
>> model, the DS can check that an AA is delegating within the overall 
>> scope set by the SOA; in the first deployment model, the DS cannot 
>> check and the relying party will have to check that delegation was
> performed correctly.
>>
>>  
>>
>> I assume that it should say "privilege verifier" instead of "relying 
>> party". Right?
>>
>>  
>>
>> Erik
>>
>>  
>>
>>  
>>
> -----
> www.x500standard.com: The central source for information on the X.500
> Directory Standard.
> 
> -----
> www.x500standard.com: The central source for information on the X.500 
> Directory Standard.
> 
> 
-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.

• Follow-Ups:
  • [x500standard] Re: relying party or privilege verifier
    • From: Erik Andersen
  • [x500standard] Re: relying party or privilege verifier
    • From: DP-Security-Consulting

• References:
  • [x500standard] relying party or privilege verifier
    • From: Erik Andersen
  • [x500standard] Re: relying party or privilege verifier
    • From: David Chadwick
  • [x500standard] Re: relying party or privilege verifier
    • From: Erik Andersen

Other related posts:

• » [x500standard] relying party or privilege verifier- Erik Andersen
• » [x500standard] Re: relying party or privilege verifier- David Chadwick
• » [x500standard] Re: relying party or privilege verifier- Erik Andersen
• » [x500standard] Re: relying party or privilege verifier - David Chadwick
• » [x500standard] Re: relying party or privilege verifier- Erik Andersen
• » [x500standard] Re: relying party or privilege verifier- DP-Security-Consulting

1. Home
2. x500standard
3. Archive
4. 04-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---