[cap-talk] What's an authenticated authentication?
Matej Kosik
kosik at fiit.stuba.sk
Wed Jul 29 04:23:59 EDT 2009
Rob Meijer wrote:
> On Sun, July 26, 2009 11:26, Matej Kosik wrote:
>> David-Sarah Hopwood wrote:
>>> Matej Kosik wrote:
>>>> Ludovic Courtès wrote:
>>>>> Matej Kosik <kosik at fiit.stuba.sk> writes:
>>>>>
>>>>>> Those who have time, please review this definition:
>>>>>> http://wiki.erights.org/wiki/Authentication
>>>>> IMO it's better to stick to the letter to the dictionary definition as
>>>>> it's widely accepted, avoids confusion, and provides an opportunity to
>>>>> think about the concept in general terms.
>>>> Please paste here the definition you think better captures how
>>>> _capability community_ interprets this concept.
>>> Given one end of a communication channel, establish which principal
>>> is probably at the other end.
>>>
>>> (Note: this definition is more general than it may at first appear; it
>>> does cover local authentication.)
>>>
>> Ok. I have updated the definition.
>> http://wiki.erights.org/wiki/Authentication
>>
>> From now on, my wallet contains one end of communication channel leading
>> to the central bank. :)
>> --
>> Matej Kosik
>
>
> While it may be correct, it took me a few times to catch the reasoning
> behind it. I feel taking this track in definition might be seeding some
> unneeded confusion.
What kind of confusion? Isn't the definition both:
- correct
- and concise?
Can you give some examples of authentication that the presented
definition does not fit?
Can you give some examples which will indicate that the definition is
confusing? (for us)
It may be confusing for others, but that is not always avoidable and we
should not trade our confusion for non-confusion of others. What we can
do is to explain our viewpoint, and this can be successfully done.
>
> I would suggest staying closer to regular interpretation of authenticity
> and authentication.
>
> When explaining different access control models including capabilities, I
> first explain about authority and sources of authority, then about
> accountability. After that explaining about authentication leads to a
> definition.
>
> The following is the definition I have been actively using in training
> material:
>
> Authentication (in an AAA context) is the process of validating the
> authenticity of either:
>
> * a source of authority.
I do not understand this point. Can you give examples where authenticity
is a source of authority? I do not agree with this in general.
> * a target of accountability.
I can agree with this.
> * an entity that is both a source of authority
> and a target of accountability.
>
> In ACL systems I claim that 'identity' is both a source of authority and
> a target of accountability. I feel this angle is equally valid and equally
> broad but much less confusing than the communication channel definition.
>
> Rob
--
Matej Kosik