[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Auth

> From: Jon Callas <jon@pgp.com>
> Thank you, Ron.
> I've been pushing SPKI-like ideas for the future of PGP, and have been
> calling what we call a certificate here an "assertion." The reason is that
> a number of people not liked that a phone-number authorization is called an
> authorization. It makes sense to say "I assert my phone number is 555-1212"
> or "I assert Soandso can log into my server," but downright silly to say "I
> authorize my phone number is 555-1212."
> I've been calling the auth field an attribute so that I can say that an
> assertion is a signed declaration of some attribute. I've gotten much
> further in describing the concepts to people new to it when I use "assert"
> rather than "authorize."
> Assert is much, much, much better.
> 	Jon
> -----
> Jon Callas                                         jon@pgp.com
> Senior Security Architect                          555 Twin Dolphin Drive
> Pretty Good Privacy, Inc.                          Suite 570
> (415) 596-1960                                     Redwood Shores, CA 94065

Thank you, Jon.

I agree that the meaning/intent of SPKI would be *much* clearer if the
word "certificate" was replaced by "assertion".

I also agree that "attribute" is a better name for a field in an SPKI
assertion than "auth", but there may be some who feel that attribute
sounds too X.509-like :-).