[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Auth

At 02:00 PM 3/31/97 EST, Ron Rivest wrote:

   Is there a better name than "auth"??  This is a made-up word, or an
   abbreviation for "authorization".  In line with using English words
   whenever possible as object types, I think we should try to find
   a better name.  

Thank you, Ron.

I've been pushing SPKI-like ideas for the future of PGP, and have been
calling what we call a certificate here an "assertion." The reason is that
a number of people not liked that a phone-number authorization is called an
authorization. It makes sense to say "I assert my phone number is 555-1212"
or "I assert Soandso can log into my server," but downright silly to say "I
authorize my phone number is 555-1212."

I've been calling the auth field an attribute so that I can say that an
assertion is a signed declaration of some attribute. I've gotten much
further in describing the concepts to people new to it when I use "assert"
rather than "authorize."

Assert is much, much, much better.


Jon Callas                                         jon@pgp.com
Senior Security Architect                          555 Twin Dolphin Drive
Pretty Good Privacy, Inc.                          Suite 570
(415) 596-1960                                     Redwood Shores, CA 94065