
Re: SDSI syntax



-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 7 May 1996, Moltar Ramone wrote:
>
> On Tue, 7 May 1996, Carl Ellison wrote:
> 
> > One can use a (location,hash) pair to stand for any object -- no matter what
> > size.  I, for one, would rather not send digitized photos or voice along as
> > part of a certificate I was using to get FTP access to some site.  I would
> > want that to be small -- possibly referring to such objects and
> > incorporating them by reference but not schlepping them.
> 
> Wouldn't it be nice, though, for some applications to have the photos 
> built in (I'm thinking along the lines of a security-badge type 
> application -- not our primary focus, necessarily, but I'm wondering if / 
> hoping that the certificate model is flexible enough that several 
> real-world models [tickets, badges, keys, etc] could be considered as 
> subsets of our model... tickets would be the hardest part, I think...)
> 

There's no reason why SDSI couldn't support both.  Just use an object that
is a (URI,hash) pair:

	( Photo: [image/gif] ( Pointer:
			( Object-Hash: ( SHA-1 #4F63A1 ) )
			http://pictures.place.org/smith.gif ) )
as opposed to including the actual data:

	( Photo: [image/gif] =Yu7gj9D+zX2C... )

It's debatable whether the [image/gif] tag is needed in the Pointer: case.
With HTTP it probably isn't, but it's probably helpful with FTP or GOPHER.

The server pointed to doesn't even have to serve up the hash of the
object.  In fact, such server-provided hashes should be ignored in this
case.


I fail to see the problem with tickets/badges/keys or any other kind of
privilege.  Remember that the Auto-Certs serve only to identify who is
behind a principal, not what the principal is allowed to do.  Privileges
reside on servers that store a (principal,privilege) binding, and are
generally out of the control of the principal being privileged.  If the
principal wishes to exercise a privilege, the query should not go to the
principal but rather to the server that stores the (principal,privilege)
binding.

There is a difference between proof-of-identity and proof-of-privilege.  
Identities should not be discernable by their privileges.  If Bill Clinton
were identified by his permission to enter the White House, how would we
identify him when he is no longer President?

			- Marc

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBMZC9FlrdFXNdDxPlAQHEFQL/eMWyBfQT2Ady9+30JoJ1oGeLkHeLtnKi
AMrvub0nHzGFB94+S0aOtNOaZs1r5g/D7XQ3YoKrk4YZr0x+L7OX5CUkOI0q2Rrj
vqkiXtUe82F2zNvPchLo9fkV6/KluhPD
=VIlv
-----END PGP SIGNATURE-----
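
Added example, not part of the original message: a minimal Python sketch of resolving a (URI,hash) pointer as described above, where the fetched bytes are hashed locally and compared with the hash carried in the certificate, and any hash the server supplies is ignored. The `fetch` hook, the dict layout, the `X-Object-Hash` header and the sample bytes are assumptions constructed for illustration; SHA-1 is used only because the message's example uses it.

```python
import hashlib
import hmac

class HashMismatch(Exception):
    """Fetched bytes do not match the hash bound in the certificate."""

def resolve_pointer(pointer, fetch):
    """Fetch the object a (URI,hash) pointer names and verify it locally.

    pointer: dict with 'uri', 'alg' and 'hash' (hex), taken from the certificate.
    fetch:   hypothetical transport hook, callable(uri) -> (body_bytes, headers).
    """
    body, _headers = fetch(pointer["uri"])
    # Server-provided hashes (here in _headers) are deliberately never consulted:
    # whoever can swap the object can also swap the hash served next to it.
    computed = hashlib.new(pointer["alg"], body).hexdigest()
    if not hmac.compare_digest(computed, pointer["hash"].lower()):
        raise HashMismatch(f"{pointer['uri']}: got {computed}")
    return body

# Constructed sample data, not a real image and not a real certificate.
PHOTO = b"GIF89a constructed sample image bytes"
POINTER = {
    "uri": "http://pictures.place.org/smith.gif",  # URI from the message's example
    "alg": "sha1",
    "hash": hashlib.sha1(PHOTO).hexdigest(),       # value the certificate would carry
}

def honest_server(uri):
    """Stand-in for a server returning the original object (no network used)."""
    return PHOTO, {}

def tampering_server(uri):
    """Stand-in for a server returning a substituted object plus its own hash."""
    fake = b"GIF89a substituted bytes"
    return fake, {"X-Object-Hash": hashlib.sha1(fake).hexdigest()}

if __name__ == "__main__":
    print(len(resolve_pointer(POINTER, honest_server)), "bytes verified")
    try:
        resolve_pointer(POINTER, tampering_server)
    except HashMismatch as exc:
        print("rejected:", exc)
```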

