Re: [Jsdsi-devel] SimpleTag -- ALL_TAG

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Guys,

Yep, has been a little quiet on the list - though for me, that doesn't
mean that I haven't been playing with SPKI (JSDSI). On the contrary, I
have been doing nothing but... However, it's all been 'higher-level'
stuff: some jsdsi utilities; a web-based Principal (and Name/Auth)
management system; and a certificate server. Still LOADS to do! My
'dream' is to present a plausible promise of using SPKI as a security
infrastructure and then making it all open source (that last bit depends
on company strategy, but all the board members are keen, but actually
doing so depends on lots of factors).

As regards to the ALL_TAG issue. I'm not sure. Still not looked in great
detail about tag handling and intersection. However, it does seem
logical to allow the ALL_TAG as a SimpleTag to me, and in looking
through the SPKI mailing list that is how Carl says it should be - as he
says, he needs to update the documentation.

Regards,

Sean

On Sat, 2003-08-02 at 19:58, Michael Jaeger wrote: 
> Hi,
> 
> there has been a lot of silence on the lists the last months.  Today I found 
> the time to work on jsdsi and the first thing i wanted to fix was the 
> SimpleTag:  As i wrote previously, the combination with the ALL_TAG is 
> currently not correct.  As a reminder here is what i wrote:
> 
> > I've got a suggestion for JSDSI:  I don't know if I'm right, but maybe we 
> > should overthink the implementation of the ALL_TAG.  Currently it's a 
> > Tag and not an ExprTag, which means that you can't use it in a SimpleTag.  
> In 
> > RFC 2693 Ellison et al. quote an example in section 6.5.7 which looks like 
> > this:
> > 
> > (tag (* set (ssl) (dns (*))))
> > 
> > This examples looks like the ALL_TAG is allowed in a SimpleTag.  What do you 
> > think?  In my opinion it makes sense to allow the ALL_TAG in SimpleTags.
> 
> As Carl Ellison replied to my question on the SPKI Mailinglist this behaviour 
> is wrong and not covered in the BNF.
> 
> For my diplomathesis I just changed the implies()-method in the following way, 
> which is quite a dirty fix:
> 
> 	boolean implies(Tag that) {
> 		// By mic...@in...
> 		 if( (value.equals("*") && tags.length==0) ) {
> 			 return true;
> 		 }
> 
> 		 if( that instanceof SimpleTag ) {
> 			 SimpleTag sThat = (SimpleTag) that;
> 			 if( sThat.getValue().equals(value) && tags.length==sThat.getTags().length) 
> {
> 				 for(int i=0; i<tags.length; i++ ) {
> 					 if( !tags[i].implies(sThat.tags[i]) ) {
> 						 return false;
> 					 }
> 				 }
> 				 return true;
> 			 }
> 		 }
> 		 return false;
> 	}
> 
> My suggestion is to solve the problem by refactoring the ALL_TAG.  This could 
> otherwise be problematic as this would mean altering the BNF-scheme defined 
> by Carl Ellison.  What do you think?
> 
> All the best,
> Michael.
> 
> 
> 
> --
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> Jsdsi-devel mailing list
> Jsd...@li...
> https://lists.sourceforge.net/lists/listinfo/jsdsi-devel

-- 
Dr. Sean Radford, MBBS, MSc
<sra...@ae...>
Aegeus Technology Ltd.