At 8:52 AM +0100 2/8/12, DIEGO LOPEZ GARCIA wrote:
On 7 Feb 2012, at 23:25 , Stephen Kent wrote:
 federated authentication systems using certs generally seem to be
 motivated because folks can make cross-certification work properly.
 other federated auth systems seem to be based on having one org trust
 another to assert an identity for a user known to the second, but not
 the first. that's a recipe for security problems.

Well, at the end, having an org trust another to identify a user only known to the latter is what certificates do, doesn't it? The problem with federated schemas is the number of potential sources of identity, which has to become unbounded by definition. You then have to rely on federation metadata, telling you which orgs are trusted to make assertions on whom, and you need some root(s) of trust for those metadata, metadata revocation procedures, etc. And this collapses again into finding the-right-key(s)...

I was a bit sloppy in my choice of words. Let me try again.

In the physical world we recognize that certain entities are authoritative for identifying people or orgs. These entities issue credentials to people and orgs, and these credentials are accepted for identification and/or authorization purposes, in selected contexts. If a CA issues certs with IDs for which the CA is authoritative, it mimics the real world model, and that's generally good. In many of the federation examples with which I am familiar, there is too much reliance on parties to vouch for identities in a nonauthoritative fashion. This is not a problem for all such systems, but for many.

Steve
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey