I would imagine that one method would be for the entity desiring to obtain key identifiers would be to list the attributes of the keys that it is interested in. By passing in such an attribute list, then a compilation of the key identifiers which satisfy the attribute list could be provided. Proper Least Privilege restrictions would restrict the entity from including any attributes in the request that are not consistent with the applications needs. These "needs" could be listed in a security policy which is enforced by the Security Model. In that way the application could only find out about keys which a constrained to that attribute set.
________________________________ From: Nanjundiah, Girish [[email protected]] Sent: Thursday, June 02, 2011 7:17 PM To: CICM Discussion List Subject: [cicm] Key Identifers Hello Everyone, Sorry if this question is extremely obvious or just hasn’t been answered but I’m a little confused as to how we are meant to access the CICM::CharString identifier attribute of the CICM::Key class. I’m assuming attributes are all private or protected, so how is one to access the identifier? While it is easy to obtain its value with CICM::Key::export, I can’t seem to find a way to set it without adding another function or a constructor for the CICM::Key class… Thanks, -Girish Nanjundiah _______________________________________________ cicm mailing list [email protected] https://www.ietf.org/mailman/listinfo/cicm
