GlobalPlatform / WebApis-for-SE

Open source Apis to access a Secure Element from a Web application
Apache License 2.0

Access Control Enforcer Policy #37

Closed hchavers closed 8 years ago

hchavers commented 8 years ago

Comments from Trusted Computing Group - Item # 18

Section: 6.2 Client Application Identifier

Comment: Re: “... the Access Control Enforcer may use its own policy to grant or refuse access ...”

Proposed Resolution: This implementation-defined (and hard-coded) access control policy is unacceptable and MUST be removed before this spec is published.

opoto commented 8 years ago

Agreed. Furthermore, GP-AC already defines the behavior of the ACE in such cases; we should not duplicate it here. I propose to change the paragraph to:

The GlobalPlatform Access Control will authorize or deny access based on the conditions and algorithm defined in [[GP-AC]] section 4.

Additionally I propose to specify, in the GP-AC reference, the current version of the GP-AC spec:

Secure Element Access Control v1.1 | GPD_SPE_013