I've been debating with some folks about the best method circulating policy restrictions in SROS for enforcing access control. The two of them so far are: * Decentralized * Certificate Embedding * Centralized * Online Arbiter I'd like to invite the rest of the community to put forth their own opinion, and so I have started a short wiki entry expanding upon the approaches. Please feel free to reply with your remarks here and/or concisely clarify the comparison on the wiki as you see them: http://wiki.ros.org/SROS/Concepts/PolicyDissemination To be honest I'll admit my bias for Certificate Embedding. Not only is this what I've developed in SROS so far, but I also see it as: * More Secure * Harder to circumvent or exploit * Less Invasive * Modification can be kept out of client library * Autonomous * Access control is self contained and validated in TLS But don't be afraid to play devil's advocate. --- [Visit Topic](http://discourse.ros.org/t/developing-with-sros/861/9) or reply to this email to respond. If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates. ______________________________________________________________________________ ros-users mailing list ros-users@lists.ros.org http://lists.ros.org/mailman/listinfo/ros-users Unsubscribe: