Re: AC Scenarios - PULL model



Polar Humenn wrote:
> In the CORBA Security Case, an object reference is configured with a
> specification of where and how the client is supposed to find the
> authorization information (which can be an X.509 AC, or one of these XML
> thingies) the object will understand. It is an authorization token layer
> acquisition service, which we call ATLAS. It is up to the client to
> contact that service and acquire the ACs (or whatever) based on its
> authentication to the ATLAS. Then the client can push the ACs to the
> object during a CORBA request.

OK. So it's a push model. How does the client authenticate to the
object?

> In the pull scenario, you don't really need ACs at all. All you need is an
> answer from a trusted somebody about the subject. It could be your
> babysitter has a Kerberos connection to your mother, who said you can play
> outside. (no AC signature verification needed). I.e. your mother doesn't
> have to sign a note, she can just tell the babysitter when asked.

Agreed. You don't have to use ACs in the pull scenario. But that's what
we're discussing here.

-Steve