Re: Subject naming
A few cents in this thread.
Identifying human beings is not as simple as calling them. We have various identities depending on the context.
1/ I am the individual Alain Zahm when I purchase goods on the WEB
2/ I am a project manager of my company when I order software on the WEB
3/ I am a code number when I reach my anonymous bank account.
In the first case my name and address, with optionally my ID card number, may be my identity.
In the second case my name plus my title and company name is a valid identity.
At last, the third case may need a single secret code number.
X.500 made use of an extensible structure that has no restriction at all. This structure being tied to a directory schema implementation, it needs the service to be available. I don't believe this will happen soon worldwide.
IMO a restricted schema with a well defined and fixed structure should be specified in order to avoid any ambiguity:
for example individual identity is INDIVIDUAL-ID:<Name:Zahm;GivenName:Alain;Country:FR;Street:....>
COMPANY-ID:<Role:"Project Manager";Name:Zahm....>
BANK-ID:<Code:17352X53RD3574G83593YGT>
These IDs shouldn't rely on a given underlying architecture (like X.500). They just represent the syntactic expression of the ID.
A CA is then able to set and sign this ID. The complete ID must be unique, of course. But the main aim of these structures is that they must be verifiable and understandable by human beings and applications.
Alain
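A parser and validator for the fixed-schema ID syntax sketched above. This is an added example for this archive page, not code from the thread or from any PKIX document: the grammar (attributes separated by ';', values optionally double-quoted), the closed attribute set for each ID type, and every sample value (the street, the company name) are assumptions constructed for illustration. The point it demonstrates is the one the message makes: with a closed schema, an ID is either complete and unambiguous or it is rejected, so both a CA and a human can tell what they are looking at without consulting a directory.

```python
"""Validator for TYPE:<Key:value;Key:"quoted value";...> identity strings.

Added example; the schemas and sample values below are assumptions, not
anything specified in the original thread.
"""

import re

# Assumed restricted schemas: each ID type has a fixed, closed attribute set,
# and the tuple order is the canonical order a CA would sign.
SCHEMAS = {
    "INDIVIDUAL-ID": ("Name", "GivenName", "Country", "Street"),
    "COMPANY-ID": ("Role", "Name", "Company"),
    "BANK-ID": ("Code",),
}

# One attribute: Key:value or Key:"quoted value", terminated by ';' or end of body.
_ATTR = re.compile(r'\s*([A-Za-z][A-Za-z0-9]*):("(?:[^"\\]|\\.)*"|[^;>"]*)\s*(?:;|$)')


class IDError(ValueError):
    """Raised for any input that is not a complete, unambiguous ID."""


def parse_id(text):
    """Parse TYPE:<k:v;k:v> into (type, {k: v}); reject malformed or ambiguous input."""
    m = re.fullmatch(r'\s*([A-Z][A-Z-]*):<(.*)>\s*', text, re.S)
    if not m:
        raise IDError("not of the form TYPE:<...>")
    id_type, body = m.group(1), m.group(2)
    if id_type not in SCHEMAS:
        raise IDError(f"unknown ID type {id_type}")
    attrs = {}
    pos = 0
    while pos < len(body):
        am = _ATTR.match(body, pos)
        if not am:
            raise IDError(f"malformed attribute near offset {pos}: {body[pos:pos + 20]!r}")
        key, raw = am.group(1), am.group(2)
        if key in attrs:
            # Two values for one attribute is exactly the ambiguity a fixed schema forbids.
            raise IDError(f"duplicate attribute {key}")
        if raw.startswith('"'):
            value = raw[1:-1].replace('\\"', '"')
        else:
            value = raw.strip()
        if not value:
            raise IDError(f"empty value for {key}")
        attrs[key] = value
        pos = am.end()
    allowed = SCHEMAS[id_type]
    unknown = set(attrs) - set(allowed)
    if unknown:
        raise IDError(f"attributes outside the {id_type} schema: {sorted(unknown)}")
    missing = [k for k in allowed if k not in attrs]
    if missing:
        raise IDError(f"{id_type} is incomplete, missing {missing}")
    return id_type, attrs


def canonical(text):
    """Canonical form: schema attribute order, all values quoted; the string a CA would sign."""
    id_type, attrs = parse_id(text)
    parts = ";".join(f'{k}:"{attrs[k].replace(chr(34), chr(92) + chr(34))}"' for k in SCHEMAS[id_type])
    return f"{id_type}:<{parts}>"


def rejection(text):
    """Return the validation error for text, or None if it is a valid ID."""
    try:
        parse_id(text)
    except IDError as e:
        return str(e)
    return None


if __name__ == "__main__":
    # Constructed sample inputs (values are made up for the example).
    for sample in (
        'INDIVIDUAL-ID:<Name:Zahm;GivenName:Alain;Country:FR;Street:Rue de la Gare 1>',
        'COMPANY-ID:<Role:"Project Manager";Name:Zahm;Company:Example SA>',
        'BANK-ID:<Code:17352X53RD3574G83593YGT>',
        'BANK-ID:<Code:17352X53RD3574G83593YGT;Name:Zahm>',
        'INDIVIDUAL-ID:<Name:Zahm;Name:Smith;GivenName:Alain;Country:FR;Street:x>',
    ):
        err = rejection(sample)
        print("OK   " + canonical(sample) if err is None else "FAIL " + err)
```

The canonical form matters for signing: the CA signs one fixed ordering, so "Name:Zahm;Role:..." and "Role:...;Name:Zahm" describe the same subject and produce the same signed bytes, while anything the schema does not name is refused rather than silently carried along.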
----------
From: Steiner Viktor, GD-IT453 <Viktor.Steiner@swisstelecom.com>
To: 'ietf-pkix@tandem.com'
Subject: Subject naming
Date: Wednesday 11 June 1997 11:01
Doesn't it come down to "Computer vs. Person"? Shyh-Wei - like all of
us - grew up with computers which required us to use unambiguous keys.
And most of us accept this subservience.
Later - and I think that is the idea behind the DNs (doesn't that mean
'Distinguished Name' - think about it!) of X.500 - some people felt
computers should be servants and not masters; we are after all persons,
living in a personal society, and we have the right to identify each
other (and the organisations we deal with) by names, rather than IDs.
"I saw Dave yesterday."
"Dave?"
"Yes, Dave Smith, you know."
"In Marketing?"
"No, he sits on the third floor above the canteen."
"Oh, the one with the beard?"
"Yes, that's right."
We're not interested that his ID is 6271534. Let the computer worry
about unambiguous fields, but let me name entities with NAMES, where
necessary qualified by additional attributes to resolve ambiguities.
Mit freundlichen Grüssen / Meilleures salutations / Kind regards
Viktor Steiner, IT453
>If you are registered with Department of Commerce as SUID 19970001 today,
>then some other successful Dave Kemp can register as 20070001 10 years later,
>because the ACL's won't inadvertently grant your accesses to SUID 20070001.
>
>> What precisely is the advantage of SUIDs over unique terminal RDN's?
>
>advantages:
>
>(1) explicitness in what field is going to be persistent and temporally
>unique
>(2) DN's do not need to be persistent and temporally unique and can be
>simpler
>(3) the SUID scheme is not tied to the X500-type of names
>
>Shyh-Wei
>
>----------