[cap-talk] Architectural Choices: How to migrate from IBAC to ABAC
David Hopwood
david.hopwood at industrial-designers.co.uk
Thu Nov 15 22:36:56 EST 2007
Jed Donnelley wrote:
> On 11/15/2007 11:01 AM, Karp, Alan H wrote:
>> Jed wrote:
> ...
>> Verifying that the capability is authentic does not involve
>> authenticating the requester.
>
> Right. It "authenticates" the capability, nothing to
> do with the requester. Is the term "authentication"
> so intrinsically tied up in the IT terminology with
> authenticating an identity (user) that people know
> to apply it in no other context?
An entity that can be authenticated is normally called a
"principal". I don't think most IT/security people assume that
it is a user, but they don't generally conceive it as being
anything as fine-grained as a process, never mind a capability.
--
David Hopwood
More information about the cap-talk
mailing list