[cap-talk] Definition of Authentication on wiki.erights.org

David-Sarah Hopwood david-sarah at jacaranda.org
Mon Sep 7 20:53:57 PDT 2009


Karp, Alan H wrote:
> David-Sarah Hopwood wrote:
>> subject:   an active entity that makes requests in an access control
>> system.
>>
>> principal: an entity that can be authenticated; that is, that holds
>>            credentials (also called authentication factors) allowing it
>>            to be distinguished from other principals that do not hold those
>>            credentials.
> 
> Since I'm talking about an access control decision, it seems that "subject"
> is the right word.
>
> The subject may be proving that it's working on behalf of a specific
> principal, but it might just be proving to be a particular process
> running on my behalf.

If it is just proving to be a particular process/subject -- i.e. if
in the system under consideration, processes can both make requests
and be *directly* authenticated as processes (rather than as acting on
behalf of a user or as being instances of particular programs), then
"subject authentication" would be correct. But that would be quite an
unusual system; neither capability nor ACL-like systems normally do this.
If process authentication were used for access control, it would have
severe problems due to permission management overhead. If it were used
for auditing/accountability, the process ids wouldn't mean anything to
human auditors.

>> "Principal authentication" seems a little verbose, though.
>
> But I can live with it.  My only concern is that I might get some push
> back, which hasn't happened with "subject authentication" yet.

My point is just that in almost all cases, the principal isn't a subject.
That is, users are not subjects, and processes are not normally
directly authenticated as such (sometimes, they are authenticated
as being instances of a program, but then it is the program that is
the principal, not a particular instance of it).

Therefore "subject authentication" is not correct for the term that
distinguishes the kind of authentication that Matej and I are talking
about, from other uses of "authentication" (which I would prefer to
call "validation").

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com


