Yoav Nir wrote:
>
> In Chicago there was some controversy about whether multiple
> administrators should be in scope. This charter draft says that
> they're in. I'm not saying they shouldn't be, but it does add complexity.
>
Multiple admins would seem to imply the need for a standardized way
to express access policy. Whenever the 'P-word' turns up I get nervous
since there aren't a lot of _good_ examples of standardized policy-
language. From the questions you list it sounds to me like the policy/aci
language for trust-stores could be about as complex as that of any
directory. Say you want to control access to the attributes associated
with a trust anchor for instance - that would immediately suck in the
whole mess of directory aci:s by reference.
All of this can be done of course but it probably helps to jump into that
hole with eyes open ;-)
Cheers Leif
