Hi Tom,
My immediate reaction is that although I agree it might be a useful feature for a SACRED service to support, I don't see it as part of the SACRED protocol itself. I guess that I pictured the administrative interface as being separate (e.g. maybe manually at the machine where the credential server resides or possibly some other protocol that permits remote access by an administrator). There are probably numerous other administrative tasks that need to be performed as well, but suspect that it's wise to keep them separate from the regular user interface.
Mike
> -----Original Message-----
> From: Tom Jordan [mailto:tjordan@xxxxxxxxxxxxx]
> Sent: Tuesday, March 27, 2001 10:31 AM
> To: ietf-sacred@xxxxxxx
> Subject: Additional operations
>
>
>
> Folks,
>
> In addition to the specified operations (GET-PUT-DELETE), I'd invite
> discussion on the need for operations to be applied by an administrative
> user. I'd propose two new operations - LOCK and UNLOCK that would
> respectively limit or allow a user to retrieve credentials without the
> need to destroy the credentials themselves.
>
> Granted that this implies maintaining some state information regarding the
> opaque credentials themselves, but perhaps there's some value to it.
>
> --Tom
>
>