摘要 |
A method and apparatus are provided for compliance checking in a trust-management system. A request r, a policy assertion (f0, POLICY), and n-1 credential assertions (f1, s1), ..., (fn-1, sn-1) are received, each credential assertion comprising a credential function fi and a credential source si. Each assertion may be monotonic, authentic, and locally bounded. An acceptance record set S is initialized to {( LAMBDA , LAMBDA , R)}, where LAMBDA represents a distinguished null string, and R represents the request r. Each assertion (fi, si), where i represents the integers from n-1 to 0, is run and the result is added to the acceptance record set S. This is repeated mn times, where m represents a number greater than 1, and an acceptance is output if any of the results in the acceptance record set S comprise an acceptance record (0, POLICY, R).
|