OK - I did not see that code in the original validateNonce() function.
ACK
On Mon, 2013-02-04 at 10:24 -0600, Endi Sukma Dewata wrote:
On 2/4/2013 9:49 AM, Ade Lee wrote:
> Looks pretty good to me.
>
> Question:
> 1. What is the purpose of the isMemberOfSubsystemGroup() method, and why
> do we need it?

The original code checks whether the user specified in the client
certificate belongs to the "Subsystem Group". If it does, the code will
skip nonce verification. I suppose this is used by internal PKI
operations which do not require 2-step processes using nonces.

The isMemberOfSubsystemGroup() is a method that encapsulates the above
logic, and it's created to separate the logic from nonce validation
which should not be dependent on client certificates.

--
Endi S. Dewata