SSO authentication: a new approach

Roy Williams roy at caltech.edu
Mon Mar 14 23:37:58 PST 2005 

Ray's "weak certificate" does not prove who the person is in a real-world context, but 
only for example that the reader of data be the same as the writer.

In my "HotGrid", (*) I would extract a description of what they are doing and who they are 
through simple registration -- in exchange for a *quantitative* increase in some sort of 
limit -- a limit that is more stringent for anonymous users.

The OpenSkyNode.net at Baltimore truncates SQL queries at 5,000 and all users are 
anonymous. Perhaps they would allow 50,000 for those who have registered.

This kind of information about usage looks fabulous in an Annual Report.

Roy

(*) http://us-vo.org/pubs/files/hotgrid.pdf

--------
California Institute of Technology
roy at caltech.edu
626 395 3670
----- Original Message ----- 
From: "John Good" <jcg at ipac.caltech.edu>
To: "Ray Plante" <rplante at ncsa.uiuc.edu>
Cc: <grid at ivoa.net>
Sent: Monday, March 14, 2005 3:59 PM
Subject: Re: SSO authentication: a new approach


>
> Ray -
>
> I can't see that I would be willing to let
> someone with one of your "weak certificates"
> do much more than someone with an HTTP cookie.
> I would not, for instance, let them have file
> upload access (unless I wanted to be in the
> business of supplying free storage to the
> world).
>
> - John
>
>
> Ray Plante wrote:
>
>> Hey Paul,
>>
>> On Fri, 11 Mar 2005, Paul Harrison wrote:
>>
>>>In the discussion so far of  "less-trusted" or "weak certificates" - what is actually 
>>>meant is lower priviledges assigned to an identity that is still confirmed by reference 
>>>to a CA signature, in just the same way that a "strong certificate" - i.e. as far as 
>>>the cryptographic confirmation of the identity goes there is no difference.
>>
>>
>> In my view of the idea of "weak certificates" is not simply an issue of lower 
>> priviledges.  Consider your definition...
>>
>>
>>>I still think that we should distinguish between trust (i.e. do we know that the entity 
>>>is what it says it is - i.e. it has identity signed by a certificate authority that we 
>>>know) ...
>>
>>
>> With a weak certificate, we *don't* know that the entity is what it says
>> it is.  We only know that the entity is the same entity as the last time
>> it came around.  The point is that with a Weak CA, we cannot put full
>> trust in it because it is easy for users to register false identities.
>>
>> I sense that an underlying principle that you are trying to get at is that
>> authentication and determining authorization are separate operations.
>> If so, I agree whole-heartedly.  In the case of weak certificates, the
>> CA that signs the cert can be used in part to assign priviledges.  cheers,
>> Ray
>

More information about the grid mailing list