
Authorization Certificates Are All Around Us

It surprised me what a chilly reception my suggestion got, that the
first release of the calendar server standard might support
authorization certificates, since there is a nicely written RFC
describing them thoroughly and giving some vocabulary for them.
People responded,

"This Authorization Certificate stuff is new, it is experimental!
Wait until people have a better grasp of how to work with them."

This confused me until I realized that there is a misperception
that Authorization Certificates are something new, instead of
a proposed Official and Unambiguous name which, in my opinion,
works well for referring to the concept which will eventually be
widely recognized as the Authorization Certificate.

To demonstrate the wide acceptance of the concept in normal daily
life, I have been keeping a diary of Authorization Certificates
I have seen or used in the last twenty-four hours.  I will use the
calendar/scheduling term "designate" to mean a person whom the SPKI theory
RFC would call a "delegate."


Much list serving software that does recipient verification
uses a one-time bearer certificate to authorize the mailing list
to add the recipient to the list.

The EZMLM mailing list software uses a bearer certificate to
authorize removal from the list, a technique called "variable
envelope return path."

Any system which multiplexes many virtual connections over a
single connection can be considered a use of the "handle ID" as
an authorization certificate.  This includes:

	The NFS file system, which uses a call ID to provide simultaneity;

	the Linux NBD protocol, which uses a call ID to provide simultaneity;

	the TCP/IP protocol itself, in which the combination of source address,
	source port, destination address, destination port, and sequence number,
	taken together, constitute a certificate that authorizes the payload of
	the TCP packet to be added to a particular buffer (thus the possibility
	of "TCP spoofing" attacks).

Any http-based service that issues "session cookies" is issuing a
certificate that authorizes the presenter to, for instance, add
merchandise to a virtual shopping cart.  There are ways to achieve the
same effect with "hidden fields" and "directory path info" that do not
involve "cookies" and work just as well.  What they all share is, there
is a certificate that is presented to authorize the current packet to be
associated with a previously existing object.

An argument could be made for "Credit Card Number" falling under the
definition of "SPKI Authorization certificate" -- by presenting the
number, a designate is authorized to purchase things, as verified by the
card authorization machine.  Credit card number is not an authentication
system.  When I give Ellen my credit card to buy things, Ellen does not
misrepresent herself as me when she does that: she honestly represents
herself as my designate.

I draw the line at automated teller machine PIN codes.  These are an
authentication system, and are supposed to be kept secret.  This is a
personal preference however, and, as was demonstrated in last night's
Seinfeld rerun, PIN codes can be effectively shared with a designate.

Another broad set of applications that routinely use the technique
are bug and abuse reports, where issues are often given authorization
certificates called "trouble tickets" which authorize a customer to
follow up on a previously reported issue.

Lunch, at Burger King.  After paying for my food, I was given a number,
which I presented to the other end of the counter to authorize myself to
accept a "Whopper Value Meal."  This is an authorization certificate: the
counter help does not care who I am, only that I demonstrate that I am
authorized to pick up a particular lunch order.

Dry cleaners all work this way too: they don't care who you are; as long
as you present the laundry ticket with the number on it, you are
authorized to pick up that laundry.

Waiting rooms often have numbers, and it was, as I understand it, not
unheard of for otherwise unemployed people to take advantage of time
arbitrage by taking a low number and selling it to more recent arrivals
in certain places in formerly communist Eastern Europe.  It would
certainly work on a busy day at the Grandview, Missouri department of
motor vehicles, at least it would have before they posted the sign
expressly forbidding the practice.  The holder of the low number is
authorized to be helped by the bureaucrat.

Television channels.  There are eighty-odd possible broadcast TV channels
defined.  Presenting the desired channel number to my television authorizes
me to receive the content on that channel.  Television is not very secure.

-- 
                                           David Nicol 816.235.1187
"... raised indoors and tested by certified technicians"
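
Added example, not part of the post above and not the code of ezmlm or
any other list server: a bearer "certificate" of the kind the one-time
list-confirmation and "variable envelope return path" removal items
describe. The token names an action, an object and a deadline, is signed
with a server-side HMAC secret, and authorizes whoever presents it; the
verifier never asks who that is. The token layout, the field separator,
the `unsubscribe` action name, the addresses and the secret are all
assumptions chosen for the illustration. The point worth seeing in code is
the check order: the MAC is verified before any other field is trusted,
and a redeemed nonce is remembered so the certificate is genuinely
one-time.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed field separator. Subjects here are e-mail addresses, which do not
# contain ':' in practice; redeem() rejects any token with the wrong number
# of fields, so a stray separator fails closed rather than confusing parsing.
SEP = ":"


class CapabilityIssuer:
    """Mints and redeems one-time bearer capabilities ("authorization
    certificates") for a single action on a single object.

    Possession of an unforged, unexpired, not-yet-spent token is the whole
    authorization check; the presenter's identity is never examined.
    """

    def __init__(self, secret: bytes):
        self._secret = secret          # never leaves the server
        self._spent = set()            # nonces already redeemed (single use)

    def _mac(self, body: str) -> str:
        return hmac.new(self._secret, body.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue(self, action: str, subject: str, ttl_seconds: int,
              now: Optional[int] = None) -> str:
        """Return a token authorizing `action` on `subject` until now + ttl."""
        now = int(time.time()) if now is None else now
        nonce = secrets.token_hex(8)   # random, unguessable, unique per token
        body = SEP.join([action, subject, str(now + ttl_seconds), nonce])
        return body + SEP + self._mac(body)

    def redeem(self, token: str, now: Optional[int] = None) -> Tuple[bool, str]:
        """Check a presented token and, if good, spend it. Returns (ok, reason)."""
        now = int(time.time()) if now is None else now
        parts = token.split(SEP)
        if len(parts) != 5:
            return False, "malformed"
        action, subject, expiry, nonce, mac = parts
        body = SEP.join([action, subject, expiry, nonce])
        # Verify the signature first, in constant time; until it passes, none
        # of the other fields can be believed.
        if not hmac.compare_digest(self._mac(body), mac):
            return False, "bad signature"
        try:
            if now > int(expiry):
                return False, "expired"
        except ValueError:             # defensive; an issued expiry is always an int
            return False, "malformed"
        if nonce in self._spent:
            return False, "already used"
        self._spent.add(nonce)
        return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Walk the list-removal scenario with constructed data; returns each outcome."""
    issuer = CapabilityIssuer(b"list-server-secret")      # constructed secret
    issued_at = 1_000_000                                  # constructed clock
    token = issuer.issue("unsubscribe", "alice@example.com", 24 * 3600, now=issued_at)
    outcomes = {}
    # Whoever presents the genuine token within a day is authorized.
    outcomes["genuine"] = issuer.redeem(token, now=issued_at + 60)
    # Presenting the same token again is refused: it was a one-time certificate.
    outcomes["replay"] = issuer.redeem(token, now=issued_at + 61)
    # Re-pointing the token at another address breaks the MAC.
    forged = token.replace("alice@example.com", "bob@example.com")
    outcomes["tampered"] = issuer.redeem(forged, now=issued_at + 60)
    # A token minted under a different secret is not this server's certificate.
    other = CapabilityIssuer(b"somebody-else")
    foreign = other.issue("unsubscribe", "alice@example.com", 3600, now=issued_at)
    outcomes["wrong_issuer"] = issuer.redeem(foreign, now=issued_at + 60)
    # A genuine token presented after its deadline is refused.
    late = issuer.issue("unsubscribe", "alice@example.com", 3600, now=issued_at)
    outcomes["expired"] = issuer.redeem(late, now=issued_at + 3601)
    # Anything that is not even shaped like a token fails closed.
    outcomes["garbage"] = issuer.redeem("not-a-token", now=issued_at)
    return outcomes


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:12s} -> {'authorized' if ok else 'refused'} ({reason})")
```

Two design points carry over to every bearer scheme on the list above,
cookies and trouble tickets included: the token must be unguessable (the
dry-cleaning ticket's sequential number is the weak spot an attacker would
probe), and the holder of the secret must verify integrity before acting
on any field the presenter controls.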