[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
access-granting protocol (was Re: PK Authentication (...))
There is another reason to build authorization tickets into an access
granting protocol -- and that is that we can make the process independent of
the underlying authorization machinery. That is, one could use X.509v3
extensions or X.509 attribute certificates or direct authorization
certificates ala cert.html to generate a temporary authorization certificate
which is then checked by the firewall or other gatekeeper process. It
wouldn't need to know anything about the underlying machinery -- although it
might need to know a variety of algorithms [RSA, DSA, ...].
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+