[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: KeyNote draft available
I must confess that I don't quite understand your point. You seem to
be objecting to the use of the term "trust" in conjunction with
predicates that delegate from one key to another the permission to
perform specific security actions.
While I would be the first to agree that the word "trust" can be used
to describe concepts other than this, we use the word "trust" as a
technical term. It is not at all unusual for words to have a meaning
as a technical term-of-art that are rather different from their
connotations in informal or non-technical language. Indeed, computer
science is full of such terms; consider "reliable," "trivial," "large,
and "fair," for starters.
Here, we use "trust" in a technical sense, not in a social or
political sense. In particular, we use the word in the sense of
"trusted system", and, especially, "trust management," a term we
introduced in our original PolicyMaker paper to refer to the problem
of describing (and containing) the extent to which other parties are
permitted to perform security-critical actions. You suggest the term
"authorization," which is also a good word, but we used "trust
management" because that phrase is beginning to be fairly widely
understood by the technical community (there has been at least one
conference on the subject, and it has appeared in several
calls-for-papers, for example).
In any event, we think KeyNote provides a very simple mechanism that
is flexible enough to addresses many of the issues of concern to the
SPKI charter, and we hope to stimulate discussion on our direction.