next up previous
Next: 4.13.2 013: response Up: 4.13 013: process to Previous: 4.13 013: process to

4.13.1 013: Definition of requirement

The idea here goes something like this: User IDs are a clumsy form of identification and authentication. Modern systems do much better.

For instance, using ssh, one can have one window (one process group) for which one has started an ssh-agent which holds one's certificates.

One can have another window logged in under the same user ID, but with different certificates, or indeed no certificates at all.

This is the modern approach: security resides in the keys, not in the user IDs.

User IDs have a clear meaning locally. They have only a weak relationship on relationship to entities on a distant system.

Certificates do have meaning as anyone with a public key in a trusted store with clear authorizations attached can trust some entity that has the corresponding private key.

Michael Richardson