[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ideas from the I&A Forum

At 10:29 PM 7/9/96 -0400, Carl Ellison wrote:
I attended the MISSI I&A forum...
>Another recurring theme was "enforcement of least privilege" -- meaning that
>an authorization needs to be as specific as possible, as contrasted with the
>UNIX superuser sledgehammer.  This suggests to me that there will be a huge
>number of <auth>s defined, should the world take this maxim seriously, and
>the AUTH: construct would see a great deal of use.

If there are a correspondingly large number of signing keys (e.g. each
service has its own signing key), then the number of <auth>s may not be
large, since in many cases, certificates may then be all or nothing.  A
network printer would probably be a good example.

(I am certainly in favor of this approach.  The superuser hammer is really
quite dangerous.)

Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
frantz@netcom.com | worldwide conversation.    | Los Gatos, CA 95032, USA