[cap-talk] IBAC and Horton
Jed Donnelley
capability at webstart.com
Thu Jan 11 16:41:06 CST 2007
At 02:07 PM 1/11/2007, Rob Meijer wrote:
>...
>Feels to me that you are missing out on an essential step of decomposition
>of the issue. If you recognize that identity, and with identity, identity-
>based authentication can play an important role in ABAC, then the usage
>of introduction-based (Horton) authentication could be seen as a secondary
>issue to authentication in ABAC in general.
It is. That is, introduction based (Horton) authentication is "secondary"
to ABAC. First you need ABAC (capabilities) and then you can build
Horton on that infrastructure. I argue that it (Horton) is necessarily
secondary (communicating conspirators) and it is pragmatically
secondary (the need for modular decomposition and the desire for
POLA). While it is "secondary" to ABAC (layered on an ABAC foundation),
it also may well be of value to those who wish to be able to track
responsibility and do access control by identity or role (e.g. by a
person's identity or role).
As you know there seem to be many such people (TCSEC, Unix, Windows,
etc., etc.).
>I feel that if you can define the identity-based authentication in ABAC
>in such a way that choosing Horton, Kerberos, X.509 or any other mechanism
>for authentication of identity becomes a secondary (pluggable) issue, you
>would have a cleaner and more practical decomposition of the issues.
I believe that's what I've suggested. Horton (and presumably kerberos
and x509 certificates, though far be it from me to propose a pure
capability implementation - ABAC - for those protocols) is a service
that can be added to a capability system (e.g. like E, Eros/Coyotos,
YURLs). Once available it can be used for delegation and responsibility
tracking by identity and, as we've discussed, can lead to a layering
of a sort of IBAC (or RBAC) on ABAC.
Was it my wording or the concept that I've tried again to convey
that led you to believe that my proposed decomposition could
be cleaner?
--Jed http://www.webstart.com/jed/
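The layering argued for in the exchange above (capabilities first, a responsibility-tracking service on top, and a form of IBAC built over that), as an added example that is not part of the original post or of any real Horton implementation. It is a simplified model written for this page: the names `Counter`, `ResponsibilityTracker`, `TrackedRef` and `Principal` are assumptions, the introduction chain is a plain tuple of names rather than a cryptographic construction, and Python does not actually enforce the encapsulation the underscore-prefixed fields suggest.

```python
"""Added illustrative sketch (not Jed's code and not the Horton protocol):
layer 1 is a bare object capability, layer 2 records who introduced a
reference to whom and optionally applies an identity-based policy over
that chain. All names below are assumptions chosen for illustration."""
from dataclasses import dataclass


# --- Layer 1: ABAC. Holding a reference to the object is the only authority.
class Counter:
    """A capability-bearing object: anyone holding a reference may call it."""

    def __init__(self):
        self.value = 0

    def increment(self, by=1):
        self.value += by
        return self.value


@dataclass(frozen=True)
class Principal:
    """An identity, meaningful only to the tracking layer, never to layer 1."""
    name: str


# --- Layer 2: responsibility tracking, added on top without changing Counter.
class ResponsibilityTracker:
    """Per-object service that logs every invocation together with the chain
    of introductions that led to it, and can apply an identity-based policy
    over that chain (a sort of IBAC layered on ABAC, as the post puts it)."""

    def __init__(self, target, policy=None):
        self._target = target                      # raw capability, kept private here
        self.policy = policy or (lambda chain: True)
        self.log = []                              # (chain, method) per invocation

    def invoke(self, chain, method, *args):
        self.log.append((chain, method))
        if not self.policy(chain):
            raise PermissionError(f"denied for introduction chain {chain}")
        return getattr(self._target, method)(*args)

    def issue(self, holder):
        """Hand the original holder a tracked reference (first link in the chain)."""
        return TrackedRef(self, (holder.name,))


class TrackedRef:
    """Proxy a principal holds instead of the raw capability. Delegating it
    produces a new proxy whose chain records the recipient's name."""

    def __init__(self, tracker, chain):
        self._tracker = tracker
        self._chain = chain

    def invoke(self, method, *args):
        return self._tracker.invoke(self._chain, method, *args)

    def delegate_to(self, recipient):
        return TrackedRef(self._tracker, self._chain + (recipient.name,))


def demo():
    """Constructed scenario: Alice is issued a tracked counter reference,
    delegates it to Bob (who passes it to Carol) and to Mallory; the owner's
    policy refuses any chain that includes Mallory, but still logs the attempt."""
    counter = Counter()
    tracker = ResponsibilityTracker(counter, policy=lambda chain: "Mallory" not in chain)
    alice, bob, carol, mallory = (Principal(n) for n in ("Alice", "Bob", "Carol", "Mallory"))

    alice_ref = tracker.issue(alice)
    carol_ref = alice_ref.delegate_to(bob).delegate_to(carol)
    mallory_ref = alice_ref.delegate_to(mallory)

    alice_ref.invoke("increment")          # attributed to ("Alice",)
    carol_ref.invoke("increment", 5)       # attributed to ("Alice", "Bob", "Carol")
    try:
        mallory_ref.invoke("increment")    # policy denies; still recorded in the log
        denied = False
    except PermissionError:
        denied = True

    return {"value": counter.value, "denied": denied, "log": list(tracker.log)}


if __name__ == "__main__":
    for entry in demo()["log"]:
        print(entry)
```

The sketch shows why the post calls Horton "necessarily secondary": nothing in layer 2 stops a holder from wrapping their `TrackedRef` in a proxy of their own and invoking on behalf of someone they never introduced, so the recorded chain is only as honest as the introducers (the "communicating conspirators" point). Its value is for responsibility tracking and for policy over cooperating parties, not as a barrier the capability layer itself lacks.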