Jeff: So the time to do a test is just another time-dependent parameter for the test. But others may be time-dependent too. Therefore the PMC should be the thing that decides on all parameters.

Jeff: Client talks to the MDI, the MDI assigns a role etc., and provides a token and a redirect to the PMC. The client then talks to the PMC, i.e. the MDI deals with just authentication; the PMC deals with authorisation.

Eric: Do we bother doing high-level policy on the MDI? Say: there's no way I'll ever let you do that.

Eric: We have three machines: PMP, PMC, MDI. In practice two of these may be merged.

Jeff: So there's a single MDI, and fewer PMCs, and even fewer PMPs. However, there has to be a very close link between the PMP and the PMC. Token is just a local authentication token which maps a remote person's auth onto the local roles. MDI functionality must already have been pretty much done.

Todo: rehash requirements document
Todo: tell Jeff any comments we have on BWCTL
Todo: get BWCTL working