[cap-talk] Definition of Authentication on wiki.erights.org
Karp, Alan H
alan.karp at hp.com
Mon Sep 7 13:10:32 PDT 2009
David-Sarah Hopwood wrote:
>
> No, it shows that "authentication" is used with at least two distinct
> meanings. But do we want to use the word "authentication" for two different
> things, when we have other words (such as "verification") that are clearer
> and more applicable to one of them? Note that it is the technical jargon
> meaning of "authentication" in computer science that we are attempting to
> define, *not* the everyday meaning (or the meaning in some other field
> such as the study of antiquities).
>
I ran into a problem when describing ZBAC to people in the US Department of Defense. It took a couple of years for me to realize that they were using the word "authentication" in its broader sense. Given that this is a large community with widespread influence, I chose to change rather than try to change their usage. I now use "subject authentication" when I describe ZBAC, and I haven't experienced the disconnect since.
Just so you know the problem isn't just one of the military, I ran into the same problem at SOUPS. Lorrie Cranor and MarcS were talking past each other about authentication versus authorization. It turns out she was talking about authenticating the authorization. Here, too, being careful to use the term "subject authentication" helped.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp