I’ve been debating with some folks about the best method for circulating policy restrictions in SROS for enforcing access control. The two of them so far are:
- Decentralized
  - Certificate Embedding
- Centralized
  - Online Arbiter
I’d like to invite the rest of the community to put forth their own opinion, and so I have started a short wiki entry expanding upon the approaches. Please feel free to reply with your remarks here and/or concisely clarify the comparison on the wiki as you see them:
http://wiki.ros.org/SROS/Concepts/PolicyDissemination
To be honest I’ll admit my bias for Certificate Embedding.
Not only is this what I’ve developed in SROS so far, but I also see it as:
- More Secure
  - Harder to circumvent or exploit
- Less Invasive
  - Modification can be kept out of client library
- Autonomous
  - Access control is self-contained and validated in TLS
But don’t be afraid to play devil’s advocate.