[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dbts: Cryptographic Dog Stocks, The Dirigible Biplane, and Sending the Wizards Back to Menlo Park
At 06:02 PM 10/26/98 -0400, Vin McLellan wrote:
> For 30-odd years, info security professionals have used a model
>which declares that there are only three ways for a machine to validate or
>authenticate that a remote human is the person who was initially identified
>and enrolled (by a trusted Admin) as the user authorized to use a computer
>_"something known," a memorized password or PIN;
>_"something held," a physical token that can be carried as a personal
>_"something one is," a biometric like a fingerprint or voiceprint.
However, formal security theory, dating back before the invention of PK has
recognized that authorization systems can be just as effectively based on a
Capability model as an Identity model. A bearer token in my mind, is
nothing more than a kind of Capability.
The idea is that what you really want to know is "should this request be
permitted." Using identity to determine this is just a way of adding a
level of indirection to the algorithm. In a capability model, the answer
is presented directly.
The debate over these models has always revolved around efficiency. I will
not review that here, except to note that while capabilities usually take
their lumps for not being able to scale well, pure identity models do not
scale either. It is always necessary to introduce some form of
aggregation, such as groups, roles, citizens, credit card holders,
whatever, that reduces the number of individual rules that must be managed,
stored and referenced.
Therefore, while you may reasonably argue that dbs will not work or scale
or whatever for one reason or another, you cannot argue that it is not
supported by formal security theory.
Harold W. Lockhart Jr. PLATINUM technology
Chief Technical Architect 8 New England Executive Park
Email: [email protected] Burlington, MA 01803 USA
Voice: (781)273-6406 Fax: (781)229-2969