SSO authentication: a new approach
Paul Harrison
pah at jb.man.ac.uk
Tue Mar 15 00:53:27 PST 2005
Ray Plante wrote:
>Hey Paul,
>
>On Fri, 11 Mar 2005, Paul Harrison wrote:
>
>>In the discussion so far of "less-trusted" or "weak certificates" -
>>what is actually meant is lower privileges assigned to an identity that
>>is still confirmed by reference to a CA signature, in just the same way
>>that a "strong certificate" - i.e. as far as the cryptographic
>>confirmation of the identity goes there is no difference.
>
>In my view, the idea of "weak certificates" is not simply an issue of
>lower privileges. Consider your definition...
>
>>I still think that we should distinguish between trust (i.e. do we know
>>that the entity is what it says it is - i.e. it has identity signed by a
>>certificate authority that we know) ...
>
>With a weak certificate, we *don't* know that the entity is what it says
>it is. We only know that the entity is the same entity as the last time
>it came around. The point is that with a Weak CA, we cannot put full
>trust in it because it is easy for users to register false identities.
>
>I sense that an underlying principle that you are trying to get at is that
>authentication and determining authorization are separate operations.
>If so, I agree whole-heartedly. In the case of weak certificates, the
>CA that signs the cert can be used in part to assign privileges.
>
I think that the terms "weak" and "less trusted" are already provoking
people into saying - "I'm not going to let one of those use my service".
I think that my original definition of trust is too narrow - it is more
than just identity - the best definition I found is

    Generally an entity can be said to trust a second entity when the
    first entity makes the assumption that the second entity will behave
    exactly as the first entity expects.

contained in this Sun Blueprint
http://www.sun.com/blueprints/1202/817-0775.pdf

I think that the distinction would have a bearing on any design -
instead of having different classes of CA, all CAs would be equal, but
the less privileged user would only be registered in a low privilege
community for instance.

Paul.
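As an added illustration of the design Paul sketches (not code from the thread or from any grid project), the following Python keeps the two questions apart: authentication asks only whether a known CA vouched for the certificate, and authorization asks which community the identity was registered in. The CA names, subjects, communities and privileges are constructed for the example. The registry is keyed on the (issuer, subject) pair rather than the bare name, so that an identity with the same subject name obtained from a different CA (the situation Ray describes, where a CA lets users register any name) does not inherit another registration's privileges.

```python
"""Added example, not from the mailing-list thread: authentication and
authorization as two independent decisions.  Every CA is treated equally;
privilege comes from community registration, not from a "class" of CA.
All CA names, subjects and communities below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    subject: str   # distinguished name of the holder
    issuer: str    # distinguished name of the signing CA


# Authentication data: the CAs whose signatures we recognise (constructed).
# No CA here is "strong" or "weak"; they are all simply known.
TRUSTED_CAS = frozenset({"CN=ExampleGrid CA", "CN=ExampleSelfService CA"})

# Authorization data: community registrations keyed on the full identity,
# i.e. (issuer, subject), so the registration records which CA vouched
# for the name (constructed registry).
COMMUNITIES = {
    ("CN=ExampleGrid CA", "CN=alice"): {"archive-readers", "archive-curators"},
    ("CN=ExampleSelfService CA", "CN=bob"): {"archive-readers"},
}

# What each community is allowed to do (constructed policy).
COMMUNITY_PRIVILEGES = {
    "archive-readers": {"query"},
    "archive-curators": {"query", "ingest", "delete"},
}


def authenticate(cert: Certificate) -> bool:
    """Is the identity confirmed by reference to a CA we know?

    Assumption: a real deployment verifies the signature chain here; this
    example only checks that the issuer is in the trusted set."""
    return cert.issuer in TRUSTED_CAS


def privileges_for(cert: Certificate) -> set[str]:
    """Union of the privileges of every community this identity is
    registered in.  An identity with no registration gets nothing, even
    though it may authenticate successfully."""
    privs: set[str] = set()
    for community in COMMUNITIES.get((cert.issuer, cert.subject), set()):
        privs |= COMMUNITY_PRIVILEGES.get(community, set())
    return privs


def authorize(cert: Certificate, action: str) -> bool:
    """Authenticate first, then consult the community registry; neither
    decision is derived from a "class" of CA."""
    if not authenticate(cert):
        return False
    return action in privileges_for(cert)


if __name__ == "__main__":
    alice = Certificate("CN=alice", "CN=ExampleGrid CA")
    same_name_other_ca = Certificate("CN=alice", "CN=ExampleSelfService CA")
    print("alice may ingest:", authorize(alice, "ingest"))
    print("self-service 'alice' may ingest:",
          authorize(same_name_other_ca, "ingest"))
```

Run as a script it prints that the registered alice may ingest while a same-named identity from the other CA may not: the second certificate authenticates (its CA is known) but has no community registration under that issuer, so it is limited to whatever a fresh registration would grant.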