
access-granting protocol (was Re: PK Authentication (...))



There is another reason to build authorization tickets into an access
granting protocol -- and that is that we can make the process independent of
the underlying authorization machinery.  That is, one could use X.509v3
extensions or X.509 attribute certificates or direct authorization
certificates à la cert.html to generate a temporary authorization certificate
which is then checked by the firewall or other gatekeeper process.  It
wouldn't need to know anything about the underlying machinery -- although it
might need to know a variety of algorithms [RSA, DSA, ...].

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |
+--------------------------------------------------------------------------+
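
The separation described in the message above, as an added sketch that is not part of the original post: an issuer reduces any of the three credential forms to one short-lived signed ticket, and the gatekeeper checks only that ticket. The adapter names, the credential layouts and the keys are constructed for illustration, and HMAC stands in for the RSA/DSA signatures the message mentions.

```python
import hashlib, hmac, json, time

# Constructed demo keys. HMAC is a stand-in for the RSA/DSA signatures named in
# the message, so the sketch runs with the standard library alone.
KEYS = {"HS256": b"constructed-demo-key-1", "HS512": b"constructed-demo-key-2"}
DIGESTS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}

# Hypothetical adapters: one per authorization machinery, each reducing its own
# credential layout (constructed here) to a plain set of permission strings.
ADAPTERS = {
    "x509v3-extension": lambda c: set(c["extensions"]["authz"]),
    "x509-attribute-cert": lambda c: {a["value"] for a in c["attributes"]
                                      if a["type"] == "permission"},
    "direct-authz-cert": lambda c: set(c["grants"]),
}

def _sign(alg, payload):
    return hmac.new(KEYS[alg], payload, DIGESTS[alg]).hexdigest()

def issue_ticket(kind, credential, subject, alg="HS256", ttl=300, now=None):
    """Issuer side: the only component that understands the credential format."""
    now = time.time() if now is None else now
    body = {"sub": subject, "alg": alg, "exp": now + ttl,
            "perms": sorted(ADAPTERS[kind](credential))}
    payload = json.dumps(body, sort_keys=True)
    return {"payload": payload, "sig": _sign(alg, payload.encode())}

def gatekeeper_allows(ticket, permission, now=None):
    """Gatekeeper side: sees only the ticket, never the original credential."""
    now = time.time() if now is None else now
    try:
        body = json.loads(ticket["payload"])
    except ValueError:
        return False
    if not isinstance(body, dict) or body.get("alg") not in DIGESTS:
        return False  # unknown algorithm: reject rather than guess
    expected = _sign(body["alg"], ticket["payload"].encode())
    if not hmac.compare_digest(expected, str(ticket["sig"])):
        return False  # forged or altered ticket
    return now < body["exp"] and permission in body["perms"]
```

The gatekeeper still carries one verifier per algorithm in `DIGESTS`, which mirrors the caveat in the message that it may need to know a variety of algorithms.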