At 06:02 PM 10/26/98 -0400, Vin McLellan wrote:
For 30-odd years, info security professionals have used a model which declares that there are only three ways for a machine to validate or authenticate that a remote human is the person who was initially identified and enrolled (by a trusted Admin) as the user authorized to use a computer account:
_"something known," a memorized password or PIN;
_"something held," a physical token that can be carried as a personal identifier; or
_"something one is," a biometric like a fingerprint or voiceprint.
However, formal security theory, dating back before the invention of PK, has recognized that authorization systems can be just as effectively based on a Capability model as an Identity model. A bearer token, in my mind, is nothing more than a kind of Capability. The idea is that what you really want to know is "should this request be permitted." Using identity to determine this is just a way of adding a level of indirection to the algorithm. In a capability model, the answer is presented directly.

The debate over these models has always revolved around efficiency. I will not review that here, except to note that while capabilities usually take their lumps for not being able to scale well, pure identity models do not scale either. It is always necessary to introduce some form of aggregation, such as groups, roles, citizens, credit card holders, whatever, that reduces the number of individual rules that must be managed, stored and referenced.

Therefore, while you may reasonably argue that dbs will not work or scale or whatever for one reason or another, you cannot argue that it is not supported by formal security theory.

Regards, Hal

====================================================================
Harold W. Lockhart Jr.                PLATINUM technology
Chief Technical Architect             8 New England Executive Park
Email: Harold.Lockhart@platinum.com   Burlington, MA 01803 USA
Voice: (781)273-6406                  Fax: (781)229-2969
====================================================================
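The contrast Hal draws between the two models, as an added illustration that is not part of his post or of any system discussed in the thread: the identity model answers "is this permitted?" by first resolving who the requester is and then which group rules apply, while the capability model has the bearer token itself name the permitted request, so the verifier only has to check the token's authenticity, expiry and binding. The HMAC-signed token format, the user directory, the ACL and the key are all constructed here for the demonstration and are assumptions of the example; the identity side also shows the group aggregation Hal mentions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real issuer would hold this in a KMS or HSM.
ISSUER_KEY = b"demo-issuer-key-not-for-production"

# ---- Identity model: authenticate the subject, then resolve permissions ----
# Constructed sample directory and ACL; groups are the aggregation layer.
USERS = {"alice": {"groups": ["accounting"]}, "bob": {"groups": []}}
ACL = {
    ("ledger", "read"): {"accounting", "accounting-admin"},
    ("ledger", "write"): {"accounting-admin"},
}

def identity_authorize(subject, resource, action):
    """Identity model: request -> subject -> groups -> ACL entry.
    Two lookups stand between the request and the yes/no answer; that
    indirection is what has to be managed and scaled."""
    user = USERS.get(subject)
    if user is None:
        return False
    permitted_groups = ACL.get((resource, action), set())
    return any(g in permitted_groups for g in user["groups"])

# ---- Capability model: the bearer token itself answers the question ----
def mint_capability(resource, action, ttl_seconds, now=None):
    """Issue a bearer capability: an authenticated statement of exactly which
    (resource, action) pair the holder may perform, with an expiry."""
    now = time.time() if now is None else now
    claims = {"res": resource, "act": action, "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    # Body and tag are base64url-encoded separately so '.' is unambiguous.
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def check_capability(token, resource, action, now=None):
    """Capability model: no subject lookup at all. Verify the issuer's MAC,
    check expiry, then compare the request against what the token names."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong structure or invalid base64
        return False
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False
    # The capability is bound to one request shape; anything else is denied.
    return claims["res"] == resource and claims["act"] == action

def demo(now=1000.0):
    """Run both models on the same requests and return the outcomes."""
    tok = mint_capability("ledger", "read", ttl_seconds=60, now=now)
    # Verifier-side check: a body that claims a different action, paired with
    # the genuine tag, must fail the MAC check.
    _, tag_b64 = tok.split(".")
    altered_body = json.dumps(
        {"act": "write", "exp": now + 60, "res": "ledger"}, sort_keys=True).encode()
    altered = base64.urlsafe_b64encode(altered_body).decode() + "." + tag_b64
    return {
        "identity_alice_read": identity_authorize("alice", "ledger", "read"),
        "identity_bob_read": identity_authorize("bob", "ledger", "read"),
        "identity_alice_write": identity_authorize("alice", "ledger", "write"),
        "cap_read_ok": check_capability(tok, "ledger", "read", now=now + 30),
        "cap_wrong_action": check_capability(tok, "ledger", "write", now=now + 30),
        "cap_expired": check_capability(tok, "ledger", "read", now=now + 61),
        "cap_altered_body": check_capability(altered, "ledger", "write", now=now + 30),
        "cap_garbage": check_capability("not-a-token", "ledger", "read", now=now),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the pairing is the shape of the check, not the crypto: `identity_authorize` needs a directory and an ACL on the verifier side, whereas `check_capability` needs only the issuer's key and the token, which is why a capability can be verified by a party that has never heard of the subject. The expiry and the binding to a single (resource, action) pair are what keep a lost bearer token from being a blanket permission.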