17 Dec
2003
17 Dec
'03
11:17 p.m.
...
That's not to say that the certification approach can't be general, though. It occurred to me that a very general certificate format would simply be to sign some assertions (predicates), and then feed all available signed predicates plus some axioms (the analogue of root keys) into a theorem prover. Sounds slow though. More practically perhaps, you could sign some kind of (safe) interpreted code, and have the verifier execute it on some initial variable set to come up with some access decision.
Yes. That's pretty much PolicyMaker in a nutshell. -matt