X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=util%2Fcredential.py;h=697adf05242876966f22a2d9d5484fd92cfd4f86;hb=455f3a3cfa775a386a66db8ca0a040f7c5b33d29;hp=0daaf4227c23609ae805186e0fa2ed8c34c12b2e;hpb=be4bba4d844ba251a7f5898fbe199d998f1ac283;p=sfa.git

diff --git a/util/credential.py b/util/credential.py
index 0daaf422..697adf05 100644
--- a/util/credential.py
+++ b/util/credential.py
@@ -1,9 +1,9 @@
 ##
-#
 # Implements Geni Credentials
 #
 # Credentials are layered on top of certificates, and are essentially a
 # certificate that stores a tuple of parameters.
+##
 
 from cert import *
 from rights import *
@@ -189,6 +189,8 @@ class Credential(Certificate):
     # addition to the checks for ordinary certificates, verification also
     # ensures that the delegate bit was set by each parent in the chain. If
     # a delegate bit was not set, then an exception is thrown.
+    #
+    # Each credential must be a subset of the rights of the parent.
 
     def verify_chain(self, trusted_certs = None):
         # do the normal certificate verification stuff