[cap-talk] Definition of Authentication on wiki.erights.org

Rob Meijer capibara at xs4all.nl
Sat Sep 5 23:52:03 PDT 2009 

On Sun, September 6, 2009 05:05, David-Sarah Hopwood wrote:
> Rob Meijer wrote:
>> On Sun, September 6, 2009 00:17, Matej Kosik wrote:
>>> Do you mean that:
>>> - I have some file (e.g. foo.tar.gz)
>>> - I know its correct md5sum has
>>>   (e.g. 0308e7b8c023f1021702bfe033c392a4)
>>> - if I verify (with md5sum program) that
>>>   my copy of `foo.tar.gz' has correct hash
>>> Then I have performed authentication? In my opinion it is mere
>>> verification that given file is the one we want. This case not only
>>> does
>>> not fall under definition 1 and that is fine.
>>
>> I disagree. The validation of the authenticity and integrity properties
>> of
>> this object authenticate the object. This example thus shows that your
>> definition is flawed.
>
> No, it shows that "authentication" is used with at least two distinct
> meanings. But do we want to use the word "authentication" for two
> different
> things, when we have other words (such as "verification") that are clearer
> and more applicable to one of them? Note that it is the technical jargon
> meaning of "authentication" in computer science that we are attempting to
> define, *not* the everyday meaning (or the meaning in some other field
> such as the study of antiquities).

IMO it shows that the every day meaning of authentication IS used in
technical jargon. There is an other more closely matching word for 1 that
I would suggest using for 1 instead. Looking at the best matching every
day meaning at freedictionary, there are two usefull definitions that
could help :

authentication: "validating the authenticity of something or someone"

identification : "the condition of having the identity (of a person or
object) established."

Although the two are strongly related, it seems that the definition on the
wiki is simply confusing th two concepts in an understandable way.

Roughly authentication is a subset of validation, and identification
'involves' a subset of  authentication. I see absolutely no merit in
shifting the meaning of these terms in such a way than when in technical
context you say validation you mean authentication, and when in a
technical context you say authentication you mean identification.

I suggest we use authentication when we mean something like the above
dictionary meaning of authentication, and use identification when that is
what we mean.



Rob.

More information about the cap-talk mailing list