[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Auth
> From: Jon Callas <jon@pgp.com>
>
> Thank you, Ron.
>
> I've been pushing SPKI-like ideas for the future of PGP, and have been
> calling what we call a certificate here an "assertion." The reason is that
> a number of people not liked that a phone-number authorization is called an
> authorization. It makes sense to say "I assert my phone number is 555-1212"
> or "I assert Soandso can log into my server," but downright silly to say "I
> authorize my phone number is 555-1212."
>
> I've been calling the auth field an attribute so that I can say that an
> assertion is a signed declaration of some attribute. I've gotten much
> further in describing the concepts to people new to it when I use "assert"
> rather than "authorize."
>
> Assert is much, much, much better.
>
> Jon
>
> -----
> Jon Callas jon@pgp.com
> Senior Security Architect 555 Twin Dolphin Drive
> Pretty Good Privacy, Inc. Suite 570
> (415) 596-1960 Redwood Shores, CA 94065
>
Thank you, Jon.
I agree that the meaning/intent of SPKI would be *much* clearer if the
word "certificate" was replaced by "assertion".
I also agree that "attribute" is a better name for a field in an SPKI
assertion than "auth", but there may be some who feel that attribute
sounds too X.509-like :-).
dpk
Follow-Ups:
- Re: Auth
- From: Carl Ellison <cme@cybercash.com>