"veyron2/security": Caveat and CaveatValidator

In accordance with the plan in
https://veyron-review.googlesource.com/#/c/4102/ this CL makes the
following changes:
1) Removes the ServiceCaveat type
2) Renames the Caveat type to CaveatValidator
3) Adds new Caveat and ThirdPartyCaveat types
4) Minor method renames in security.Context

Notes:
* CaveatValidator is an interface with a method Validate. All
concrete caveat implementations must implement this interface.

* A Caveat is a serialized caveat implementation obtained using
the security.NewCaveat(CaveatValidator) factory function.

* A ThirdPartyCaveat is an interface that embeds CaveatValidator along
with other methods for obtaining the ID, Location and requirements of
a third-party caveat.

* Bless and MintDischarge methods now directly take Caveat objects and
embed them in the PublicID and Discharge respectively. The caller of
Bless and MintDischarge need not have the CaveatValidator implementation
from which the Caveat objects were obtained.

* While validating a PublicID or a Discharge, any Caveats that fail to
decode to a CaveatValidator are considered invalid; in other words, all
caveats are universally enforced.

Change-Id: I9430bb90af3267d1b6f235be9056175c30f4d2da
29 files changed
tree: b9b731411dc5c699e3ac950d844b53bdfb5d0c47
  1. examples/
  2. lib/
  3. profiles/
  4. runtimes/
  5. security/
  6. services/
  7. tools/
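
The last note in the commit message (caveats that fail to decode to a CaveatValidator are invalid) describes a fail-closed check. The Go sketch below is an added illustration of that behaviour, not code from this CL or from Veyron. The `Validate` signature, the `Expiry` caveat, the `ValidateAll` and `Demo` helpers, and the use of `encoding/gob` as the serialization are all assumptions.

```go
package main

import (
	"bytes"
	"encoding/gob"
	"fmt"
	"time"
)

type CaveatValidator interface{ Validate(now time.Time) error } // signature is assumed
type Caveat struct{ Bytes []byte } // serialized form embedded in a PublicID or Discharge
type Expiry struct{ NotAfter time.Time } // hypothetical concrete caveat for this example
func (e Expiry) Validate(now time.Time) error {
	if now.After(e.NotAfter) {
		return fmt.Errorf("expired at %v", e.NotAfter)
	}
	return nil
}

// NewCaveat serializes a validator; gob is an assumption, not Veyron's wire format.
func NewCaveat(v CaveatValidator) Caveat {
	gob.Register(v) // record the concrete type so the validating side can decode it
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(&v); err != nil {
		panic(err)
	}
	return Caveat{buf.Bytes()}
}

// ValidateAll fails closed: a caveat that does not decode is treated as invalid.
func ValidateAll(cavs []Caveat, now time.Time) error {
	for i, c := range cavs {
		var v CaveatValidator
		if err := gob.NewDecoder(bytes.NewReader(c.Bytes)).Decode(&v); err != nil {
			return fmt.Errorf("caveat %d rejected, cannot decode: %v", i, err)
		}
		if err := v.Validate(now); err != nil {
			return fmt.Errorf("caveat %d: %v", i, err)
		}
	}
	return nil
}

func Demo() (ok, expired, unknown error) {
	now := time.Date(2014, 8, 1, 0, 0, 0, 0, time.UTC) // constructed reference time
	good, old := NewCaveat(Expiry{now.Add(time.Hour)}), NewCaveat(Expiry{now.Add(-time.Hour)})
	opaque := Caveat{[]byte("constructed-unknown-caveat")} // constructed: decodes to no known type
	return ValidateAll([]Caveat{good}, now), ValidateAll([]Caveat{old}, now), ValidateAll([]Caveat{good, opaque}, now)
}
func main() { fmt.Println(Demo()) }
```

Skipping the undecodable caveat instead of returning an error would let a holder drop restrictions simply by presenting them to a validator that does not know the type, which is the case the fail-closed rule prevents.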