Authorization Certificates Are All Around Us
It was surprising to me the chilly reception that suggesting
that the first release of the calendar server standard might
support authorization certificates got, since there
is a nicely written RFC describing them thoroughly and giving
some vocabulary for them. People responded,
"This Authorization Certificate stuff is new, it is experimental!
Wait until people have better grasp of how to work with them."
This confused me until I realized that there is a misperception
that Authorization Certificates are something new, instead of
a proposed Official and Unambiguous name which has been proposed,
and, in my opinion, works well, for referring to the concept which
will eventually be widely recognized as the Authorization Certificate.
To demonstrate the wide acceptance of the concept in normal daily
life, I have been keeping a diary of Authorization Certificates
I have seen or used in the last twenty four hours. I will use the
calendar/scheduling term "designate" to mean a person who the SPKI theory
RFC would call a "delegate."
Much list serving software that does recipient verification
uses a one-time bearer certificate to authorize the mailing list
to add the recipient to the list.
The EZMLM mailing list software uses a bearer certificate to
authorize removal from the list, a technique called "variable
envelope return path."
Any system which multiplexes many virtual connections over a
single connection can be considered a use of the "handle ID" as
an authorization certificate. This includes:
The NFS file system which uses a call ID to provide simultaneity,
the Linux NBD protocol, which uses a call ID to provide simultaneity
the TCP/IP protocol itself, in which the combination of source address,
source port, destination address, destination port, sequence number taken
constitute a certificate that authorizes the payload of the TCP packet to
to a particular buffer (thus the possibility of "TCP spoofing" attacks)
Any http-based service that issues "session cookies" is issuing a
that authorizes the presenter to, for instance, add merchandise to a
shopping cart. There are ways to achieve the same effect with "hidden
and "directory path info" that do not involve "cookies" and work just as
What they all share is, there is a certificate that is presented to
the current packet to be associated with a previously existing object.
An argument could be made for "Credit Card Number" falling under the
definition of "SPKI Authorization certificate" -- by presenting the number,
designate is authorized to purchase things, as verified by the card
machine. Credit card number is not an authentication system. When I give
my credit card to buy things, Ellen does not misrepresent herself as me
she does that: she honestly represents herself as my designate.
I draw the line at automated teller machine PIN codes. These are an
authentication system, and are supposed to be kept secret. This is a
preference however, and, as was demonstrated in last night's Seinfeld
PIN codes can be effectively shared with a designate.
Another broad set of applications that routinely use the technique
are bug and abuse reports, where issues are often given authorization
certificates called "trouble tickets" which authorize a customer to
follow up on a previously reported issue.
Lunch, at Burger King. After paying for my food, I was given a number,
I presented to the other end of the counter to authorize myself to accept
a "Whopper Value Meal." This is an authorization certificate: the counter
does not care who I am, only that I demonstrate that I am authorized to
up a particular lunch order.
Dry cleaners all work this way too: they don't care who you are as long as
you present the laundry ticket with the number on it, you are authorized to
pick up that laundry.
Waiting rooms often have numbers, and it was, as I understand it, not
of for otherwise unemployed people to take advantage of time arbitrage by
a low number and selling it to more recent arrivals in certain places in
formerly communist Eastern Europe. It would certainly work on a busy day
the Grandview, Missouri department of motor vehicles, at least it would
before they posted the sign expressly forbidding the practice. The holder
low number is authorized to be helped by the bureaucrat.
Television channels. There are eighty-odd possible broadcast TV channels
defined. Presenting the desired channel number to my television authorizes
me to receive the content on that channel. Television is not very secure.
David Nicol 816.235.1187
"... raised indoors and tested by certified technicians"
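
The one-time bearer certificate for list subscription and removal described in the message above, sketched as an added example that is not part of the original post and not EZMLM's own code. The class name, token layout and addresses are assumptions constructed for illustration; the token is bound to one action and one address with an HMAC and is accepted from whoever presents it.

```python
import hashlib
import hmac
import secrets

ACTIONS = ("subscribe", "unsubscribe")


class ListServer:
    """Toy list manager that authorizes changes with one-time bearer tokens."""

    def __init__(self, list_name, key=None):
        self.list_name = list_name
        self.key = key or secrets.token_bytes(32)  # known only to the server
        self.members = set()
        self.spent = set()  # nonces of tokens already redeemed

    def _tag(self, action, address, nonce):
        msg = "\0".join([self.list_name, action, address.lower(), nonce])
        return hmac.new(self.key, msg.encode(), hashlib.sha256).hexdigest()

    def issue(self, action, address):
        """Build the token that is mailed to `address` for confirmation."""
        if action not in ACTIONS:
            raise ValueError("unknown action")
        nonce = secrets.token_hex(8)
        tag = self._tag(action, address, nonce)
        return "|".join([action, address.lower(), nonce, tag])

    def redeem(self, token):
        """Act on a presented token; the presenter's identity is never checked."""
        parts = token.split("|")
        if len(parts) != 4:
            return False
        action, address, nonce, tag = parts
        expected = self._tag(action, address, nonce)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False  # forged or altered
        if nonce in self.spent:
            return False  # one-time: already used
        self.spent.add(nonce)
        if action == "subscribe":
            self.members.add(address.lower())
        else:
            self.members.discard(address.lower())
        return True
```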