AC Scenarios - PUSH model

["Anders Rundgren" <anders.rundgren@xxxxxxxxx>]

Steve,

I would like to particularly discuss TLS PUSH as it *theoretically* at least could
be of major interest in e-business.

> C) TLS push
> 
>    Client sends ACs to server (probably requires modifications to the
>    TLS handshake). Server uses ACs to make authorization decisions.

This is the $1000 000 question: Will this really happen?  Will you (SUN) start to
push this in the TLS-group?  Because if you (and the others) don't, ACs will be left in a pretty
miserable shape.  Sort of "nowhere to go" -:(

>    Client authentication using PKCs will probably be most common here,
>    but the client may also authenticate using a username and password
>    (after authenticating the server), one-time password, Kerberos, or
>    another technique.

Modifying TLS to carry ACs but not requiring a (cryptograhically linked) PKC is probably
a bad idea. If you really have been able to get an AC (on your hard-disk, in a smart-card or
in your mobile phone), you should be equipped with PKCs as well. 

A question that comes to my mind is whether this scheme offers *any* advantages over
the scheme suggested by Bob J in terms of distribution of certificates? Bob's scheme
does *not* require changes in TLS.  Although I am personally not very thrilled [working
on a competing solution :-)], by the following idea, multiple client PKCs (containing
different AC-like data and issued by possible different issuers) could share a common key-pair.
By doing that a client can securely download additional "PKC-AC"s when needed from an
existing trusted PKC.

Regards
Anders R