Supun Kamburugamuva wrote:
Hi,

(1) sts client doesn't need service policy. Algorithm suite as well as
trust assertions have to be obtained from issuer policy.
I think there are a few bugs related to this issue. Milinda is working on
those things.

(2) If sts needs entropy from client, who is responsible for creating
it? Is it trust_sts_client or the implementation (client/whoever) using
trust_sts_client? IMHO it should be trust_sts_client by looking at the
sts policy.
Entropy should be created by client (by setting trust_entropy_t in RST in
client code) and also STS should handle it by using populated RSTR (i.e.
trust_rstr_get_entropy())


Yes this is the responsibility of the client. But we can automate this
by looking at the STS policy. So Kasun I think we need to implement
this as well.

I agree with Supun. We should be able to automate the creation of entropy, merging the server + client entropy to create the key, etc. Even if we are doing it in the client, the client has to check the policy and then do that. So, we can easily automate it and move it to trust_sts_client.

Regards,
Shankar
Regards,
Supun..
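
Added example, not part of the thread and not Rampart/C code: a sketch of the automation discussed above, where the client creates entropy only when the issuer policy requires it and then merges it with the server entropy from the RSTR. It assumes the STS uses the WS-Trust PSHA1 computed-key algorithm, key = P_SHA1(client entropy, server entropy); the function names and the sample server entropy are hypothetical.

```python
import hashlib
import hmac
import secrets


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 expansion (the P_hash construction from RFC 2246, section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def make_client_entropy(require_client_entropy: bool, key_bits: int):
    """Create entropy for the RST only when the issuer policy asks for it."""
    if not require_client_entropy:
        return None
    return secrets.token_bytes(key_bits // 8)


def derive_proof_key(client_entropy, server_entropy, key_bits: int) -> bytes:
    """Merge both entropies into the proof key; refuse if either side is missing."""
    if not client_entropy or not server_entropy:
        raise ValueError("computed key needs both client and server entropy")
    # Client entropy is the HMAC secret, server entropy is the seed.
    return p_sha1(client_entropy, server_entropy, key_bits // 8)


if __name__ == "__main__":
    key_bits = 256  # assumed key size taken from the issuer policy's algorithm suite
    client = make_client_entropy(True, key_bits)  # sent in the RST
    server = bytes(range(32))  # constructed stand-in for the entropy in the RSTR
    print(derive_proof_key(client, server, key_bits).hex())
```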

