[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

access-granting protocol (was Re: PK Authentication (...))

There is another reason to build authorization tickets into an access
granting protocol -- and that is that we can make the process independent of
the underlying authorization machinery.  That is, one could use X.509v3
extensions or X.509 attribute certificates or direct authorization
certificates ala cert.html to generate a temporary authorization certificate
which is then checked by the firewall or other gatekeeper process.  It
wouldn't need to know anything about the underlying machinery -- although it
might need to know a variety of algorithms [RSA, DSA, ...].

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091              Tel: (703) 620-4200                         |