[Jsdsi-devel] circular proofs
Status: Pre-Alpha
Brought to you by:
sajma
Menu
▾
▴
[Jsdsi-devel] circular proofs
|
From: Sameer A. <aj...@cs...> - 2004-02-12 15:41:01
|
>> > 5. A class to detect circular questions. >> Like "Does Alice grant read access to Alice"? > > No. More when: > Alice grants read to Bob > Bob grants read to Carol > Carol grants read to Alice > > And you then ask to Prove that Derek can read - it prevents the Prover > (and Searcher) going round in a circular reference). Works by each > Pipeline having a CircularQuestionDetector which keeps track of recent > questions and throwing an exception if one re-appears. Are you sure the Prover goes around this repeatedly? It's designed to handle this case cleanly: before it inserts a new certificate, it first checks whether it has already seen that certificate. This way, the Prover is guaranteed to stop when all possible certificate compositions are done. I have just checked in a CertPathTest that exercises this behavior. In input certificate set is defined in the file certs.in.5: ALICE +read -> BOB BOB +read -> CAROL CAROL +read -> ALICE The output file certs.out.5 contains all of the certifcates that the Prover found: ALICE +read -> ALICE ALICE +read -> BOB ALICE +read -> CAROL BOB +read -> ALICE BOB +read -> BOB BOB +read -> CAROL CAROL +read -> ALICE CAROL +read -> BOB CAROL +read -> CAROL The prover does in fact terminate, so I believe it works okay with circular cert sets. Can you create a test that fails? Sameer |
