Eric, I dug out one of the references I was thinking of when you were talking last Saturday. A summary of the introduction would go:

"We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a "speaks for" relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. [...] We use the theory to explain many existing and proposed mechanisms for security [...]"

So anyway, although I haven't read the whole thing in depth, it seems to me a reasonable way to reason about complex security setups to make decisions about them (including automatically).

%A Butler Lampson
%A Martin Abadi
%A Michael Burrows
%A Edward Wobber
%T Authentication in Distributed Systems: Theory and Practice
%J Operating Systems Review (ACM SIGOPS Review)
%J Proceedings of the 13th ACM Symposium on Operating Systems Principles
%C Pacific Grove, CA
%D Oct. 13-16 1991
%V 25
%N 5
%P 165-182
%K transitive authentication, operating systems, DES, RSA, security, channel, RPC, remote procedure calls, public key encryption, name lookup, groups, access control, delegation, revocation, principals

I'm pretty sure I saw somewhere a companion paper titled something like "An algebra of authentication"... hmmm, maybe even in CACM...

[...15 minutes later...]

Unfortunately some of my CACMs are in hiding and not properly indexed... It was work done at DEC SRC in Palo Alto; there must be some research reports too. If somebody has refs for any of these, it would be great if you'd post them.

Pierre.
pierre@shell.portal.com
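For anyone who wants to see what "speaks for" reasoning looks like when a program does it, here is an added toy model in Python. It is not code from this post or from the Lampson/Abadi/Burrows/Wobber paper, and it simplifies the paper's treatment of compound principals to a few rules: the relation is reflexive and transitive; a principal speaks for itself in any adopted role (A => A as R) and roles preserve the relation (A => B gives A as R => B as R); and delegation is recorded as the compound principal "B for A" speaking for A, with "for" monotone in both positions, so that B authenticated over its own channel matches the recorded delegation. Channels are bound to names by recorded facts standing in for certificates, groups are names that their members speak for, and revocation is simply forgetting a fact. Every name, key identifier and ACL entry below is constructed for the example.

```python
# Added example: a toy model of the "speaks for" relation from the summary
# above. Not code from the post or from the Lampson/Abadi/Burrows/Wobber
# paper; it simplifies the paper's rules for roles and delegation.
# All names, key identifiers and ACL entries are constructed for illustration.
from dataclasses import dataclass
from typing import Set, Tuple, Union


@dataclass(frozen=True)
class Name:
    """A named principal: a user, a machine, or a group."""
    name: str


@dataclass(frozen=True)
class Channel:
    """A communication channel, identified by the key that authenticates it."""
    key_id: str


@dataclass(frozen=True)
class As:
    """Compound principal 'A as R': A acting in the adopted role R."""
    principal: "Principal"
    role: str


@dataclass(frozen=True)
class For:
    """Compound principal 'B for A': B acting with authority delegated by A."""
    delegate: "Principal"
    delegator: "Principal"


Principal = Union[Name, Channel, As, For]


class SpeaksFor:
    """Recorded 'A speaks for B' facts plus the rules that derive new ones."""

    def __init__(self) -> None:
        self.facts: Set[Tuple[Principal, Principal]] = set()

    def record(self, a: Principal, b: Principal) -> None:
        self.facts.add((a, b))                     # a => b

    def bind_channel(self, key_id: str, principal: Principal) -> None:
        """Stands in for a certificate: chan(K) => principal."""
        self.record(Channel(key_id), principal)

    def add_member(self, member: Principal, group: Name) -> None:
        self.record(member, group)                 # a member speaks for its group

    def delegate(self, delegator: Principal, delegate: Principal) -> None:
        """A delegates to B: 'B for A' speaks for A, but B alone does not."""
        self.record(For(delegate, delegator), delegator)

    def revoke(self, a: Principal, b: Principal) -> None:
        self.facts.discard((a, b))                 # revocation: forget the fact

    def speaks_for(self, a: Principal, b: Principal, _path=frozenset()) -> bool:
        """Decide a => b. _path holds the goals on the current search path so
        that cyclic facts (two principals speaking for each other) terminate."""
        if a == b:                                 # reflexive
            return True
        if (a, b) in _path:
            return False
        path = _path | {(a, b)}
        # Roles: A => (A as R), and A => B implies (A as R) => (B as R).
        if isinstance(b, As):
            if (isinstance(a, As) and a.role == b.role
                    and self.speaks_for(a.principal, b.principal, path)):
                return True
            if self.speaks_for(a, b.principal, path):
                return True
        # Delegation is monotone: B' => B and A' => A give (B' for A') => (B for A).
        if isinstance(a, For) and isinstance(b, For):
            if (self.speaks_for(a.delegate, b.delegate, path)
                    and self.speaks_for(a.delegator, b.delegator, path)):
                return True
        # Transitivity through recorded facts: a => p, p => q recorded, q => b.
        return any(self.speaks_for(a, p, path) and self.speaks_for(q, b, path)
                   for p, q in self.facts)

    def check_access(self, acl: Set[Principal], requester: Principal) -> bool:
        """Grant if the requester speaks for some principal listed on the ACL."""
        return any(self.speaks_for(requester, entry) for entry in acl)


def run_scenario() -> dict:
    """Constructed scenario: two users on key-authenticated channels, a group,
    a role-restricted ACL, and a delegation that is later revoked."""
    alice, bob, staff = Name("Alice"), Name("Bob"), Name("staff")
    chan_alice, chan_bob = Channel("K_alice"), Channel("K_bob")
    sf = SpeaksFor()
    sf.bind_channel("K_alice", alice)              # chan(K_alice) => Alice
    sf.bind_channel("K_bob", bob)
    sf.add_member(alice, staff)                    # Alice => staff
    reports_acl = {staff}
    payroll_acl = {As(alice, "admin")}             # only Alice in the admin role
    results = {
        "alice_reads_reports": sf.check_access(reports_acl, chan_alice),
        "bob_reads_reports": sf.check_access(reports_acl, chan_bob),
        # In the guest role Alice has given up what she holds as admin;
        # plain Alice still qualifies because A => (A as R).
        "alice_as_admin_payroll": sf.check_access(payroll_acl, As(chan_alice, "admin")),
        "alice_as_guest_payroll": sf.check_access(payroll_acl, As(chan_alice, "guest")),
        "alice_plain_payroll": sf.check_access(payroll_acl, chan_alice),
    }
    sf.delegate(alice, bob)                        # (Bob for Alice) => Alice
    # Bob's request arrives on Bob's channel and claims to act for Alice.
    results["bob_for_alice_reads_reports"] = sf.check_access(reports_acl, For(chan_bob, alice))
    results["bob_alone_reads_reports"] = sf.check_access(reports_acl, chan_bob)
    sf.revoke(For(bob, alice), alice)              # Alice withdraws the delegation
    results["bob_for_alice_after_revoke"] = sf.check_access(reports_acl, For(chan_bob, alice))
    return results


if __name__ == "__main__":
    for check, granted in run_scenario().items():
        print(f"{check}: {'granted' if granted else 'denied'}")
```

Running it prints granted/denied for each check: Bob gets at the reports only as "Bob for Alice" over his own channel and only until Alice revokes the delegation, and Alice in the guest role cannot use an ACL entry written for her admin role. The path set passed down the recursion is what keeps the decision procedure terminating when the recorded facts contain cycles, which real group and delegation data easily can.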