-
Key: SEC14-16
-
Legacy Issue Number: 2028
-
Status: open
-
Source: Anonymous
-
Summary:
Summary: I"m having real problems trying to interpret the specification on the
own_credentials list.
I"m working from the Security Spec 1.2, 5 Jan 1998
It seems to be implied by paragraph 4 of 15.5.4.1 Description of
Facilities on page 15-87, which says:Credential objects are created as a result of:
o Authentication (see Section 15.5.3, "Authentication of Principals", on
page 15-85.
o Copying an existing Credentials Object
o Asking for a Credentials object via Current (see Section 15.5.6,
"Security Operations on Current" on page 15-97).and, by paragraph 7 of section 15.5.6.3 SecurityLevel2::Current
Interface:own_credentials
Any application owns a set of credentials which it obtains through the
process of authentication of the principal that initiates the execution of
the program, and further from other credentials that such a principal
might bestow upon the application. This attribute returns this set of
credentials.Okay, so the problem is that these statements imply, but do not explicitly
stipulate that the PrincipalAuthenticator puts Credentials objects on the
"own_credentials" list. -
Reported: SEC 1.4 — Fri, 2 Oct 1998 04:00 GMT
-
Updated: Fri, 6 Mar 2015 20:58 GMT