[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
At 02:00 PM 3/31/97 EST, Ron Rivest wrote:
Is there a better name than "auth"?? This is a made-up word, or an
abbreviation for "authorization". In line with using English words
whenever possible as object types, I think we should try to find
a better name.
Thank you, Ron.
I've been pushing SPKI-like ideas for the future of PGP, and have been
calling what we call a certificate here an "assertion." The reason is that
a number of people not liked that a phone-number authorization is called an
authorization. It makes sense to say "I assert my phone number is 555-1212"
or "I assert Soandso can log into my server," but downright silly to say "I
authorize my phone number is 555-1212."
I've been calling the auth field an attribute so that I can say that an
assertion is a signed declaration of some attribute. I've gotten much
further in describing the concepts to people new to it when I use "assert"
rather than "authorize."
Assert is much, much, much better.
Jon Callas firstname.lastname@example.org
Senior Security Architect 555 Twin Dolphin Drive
Pretty Good Privacy, Inc. Suite 570
(415) 596-1960 Redwood Shores, CA 94065