February 23, 2003
Apricot 2003, Taipei, (.TW)
Slide 48
Closer look at update-policy
• update-policy {grant * self * A TXT;};
• Syntax definition
• ( grant | deny ) identity nametype name [ types ]
• First matching rule is used
• Grant explicitly permits, Deny explicitly "denies"
• Why is this better?
• Fine grained access control
• Rarely will one key be allowed to change "anything"
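
The first-match rule and the self nametype from this slide, as an added example (not from the slides and not BIND's own code): a simplified Python model of how a list of update-policy rules decides one update. The key and host names are constructed, and the handling of rules without a type list is an assumption taken from the BIND 9 documentation.

```python
# Simplified model of update-policy evaluation (added example, not BIND code).
# Rule syntax from the slide: ( grant | deny ) identity nametype name [ types ]

# Assumption (BIND 9 documentation): a rule with no type list skips these types.
EXCLUDED_BY_DEFAULT = {"NS", "SOA", "SIG", "RRSIG", "NXT", "NSEC", "NSEC3"}

# Constructed sample policies; key and host names are made up.
SLIDE_POLICY = ["grant * self * A TXT;"]
ORDERED_POLICY = [
    "deny * name www.example.com. A;",
    "grant dhcp-key.example.com. subdomain example.com. A TXT;",
]

def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.lower().rstrip(".")

def wild_match(pattern, name):
    """'*' matches any name, '*.suffix' any name below suffix, else exact."""
    pattern, name = norm(pattern), norm(name)
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])
    return pattern == "*" or pattern == name

def name_matches(nametype, rule_name, signer, target):
    rule_name, signer, target = norm(rule_name), norm(signer), norm(target)
    if nametype == "self":       # name field is ignored; key may touch only its own name
        return signer == target
    if nametype == "name":
        return rule_name == target
    if nametype == "subdomain":
        return target == rule_name or target.endswith("." + rule_name)
    if nametype == "wildcard":
        return wild_match(rule_name, target)
    raise ValueError("unsupported nametype: " + nametype)

def check_update(rules, signer, target, rrtype):
    """Return 'grant' or 'deny' for one update; the first matching rule wins."""
    rrtype = rrtype.upper()
    for rule in rules:
        action, identity, nametype, rule_name, *types = rule.rstrip(";").split()
        types = {t.upper() for t in types}
        covered = rrtype in types if types else rrtype not in EXCLUDED_BY_DEFAULT
        if (wild_match(identity, signer) and covered
                and name_matches(nametype, rule_name, signer, target)):
            return action
    return "deny"  # no rule matched, so the update is refused
```

Reversing ORDERED_POLICY turns the www.example.com result from deny into grant, which is why narrow deny rules have to come before broader grants.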