Lines Matching full:are
40 Details on the API, assertion syntax, and command-line tool are given in
59 which are operations with security consequences that are
64 which are entities that can be authorized to perform actions.
68 which govern the actions that principals are authorized to perform.
90 Furthermore, policies and credentials are written in standard languages
91 that are shared by all trust-managed applications; the security configuration
94 themselves are quite different.
96 Trust-management policies are easy to distribute across networks, helping
112 KeyNote assertions are essentially small, highly-structured programs.
117 the same syntax as policy assertions but are also signed by the principal
123 Actions are specified as a collection of name-value pairs.
137 Policy compliance values are always positively derived from policy and
149 KeyNote principals are identified by a string called a
161 Actions are any trusted operations that an application places under
165 Actions are described to the KeyNote compliance checker in terms of a
169 Its structure and format are described in detail elsewhere of this document.
198 Assertions are the basic programming unit for specifying policy and
216 principal are called
218 and are used to delegate authority to otherwise untrusted principals.
225 These signed assertions are also called
228 Policies and credentials share the same syntax and are evaluated according
234 policies and credentials that are amenable to transmission and storage
264 These semantics are defined later in this document.
277 Trusted actions to be evaluated by KeyNote are described by a collection of
280 Action attributes are the mechanism by which applications communicate
281 requests to KeyNote and are the primary objects on which KeyNote
287 The semantics of the names and values are not interpreted by KeyNote itself;
292 Action attribute names and values are represented by arbitrary-length
299 Attribute values are inherently untyped and are represented as
312 Attribute names are case sensitive.
319 character are reserved for use by the KeyNote runtime environment and
321 The following special attribute names are used:
338 is an ASCII-encoded integer, are used by the regular expression matching
350 The app_domain convention helps to ensure that credentials are
398 explicitly, while others are looked up externally (e.g., credentials might
416 if several principals are authorizers, their identifiers are separated
428 include in this set only compliance value names that are actually returned
432 the query are available in the special attributes named
441 Values are separated with commas; applications that use assertions
447 fields or in an action's direct authorizers are performed after
456 Opaque identifiers are compared as case sensitive strings.
584 compliance value set are considered equivalent to _MIN_TRUST.
588 Recursively-nested clauses are evaluated only if their parent test is true.
603 Notice that string comparisons are case sensitive.
617 These match-attributes' values are valid only within subsequent references
676 Values that appear multiple times are counted with multiplicity.
677 For example, if K = 3 and the orders of the listed compliance values are
705 Observe that if there are exactly two possible compliance values
726 Unsigned, locally-trusted assertions are provided over a
728 interface, while signed credentials are provided over an
734 as reflecting local policy are submitted to KeyNote via the trusted interface.
741 a policy whose details are specified in signed credentials issued