SSO authentication: a new approach
Guy Rixon
gtr at ast.cam.ac.uk
Sun Mar 13 01:28:01 PST 2005
On Fri, 11 Mar 2005, Paul Harrison wrote:
> I still think that we should distinguish between trust (i.e. do we know
> that the entity is what it says it is - i.e. it has identity signed by a
> certificate authority that we know) and the privileges that we assign to
> that identity. I realise that this is not quite the same semantics as
> the ordinary english language word "trust", but I believe that it is the
> meaning that is attached to the word in the security world.
Can you suggest a term to replace "trust"?
> In the discussion so far of "less-trusted" or "weak certificates" -
> what is actually meant is lower priviledges assigned to an identity that
> is still confirmed by reference to a CA signature, in just the same way
> that a "strong certificate" - i.e. as far as the cryptographic
> confirmation of the identity goes there is no difference.
>
> I might just be being a pedant, but whatever words we use, this way of
> thinking is important in the design.
>
> Paul.
>
Guy Rixon gtr at ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
More information about the grid
mailing list