[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Auth]Authorization Certificates

From: Johan Hanson
Subject: [Auth]Authorization Certificates
Date: Sun, 15 Jul 2001 00:02:51 +0200

Has anybody had any thought of using X.509v3 Authorization Certificates
for authorization in DotGNU?

Another term for "Authorization Certificate" that is more common in the 
classic ecurity literature is "Capability".
A Capability/Auth.Cert. is simply a reference to an object
with bundled access rights to that object.
Holding a authorization certificate is enough to authorize the holder
to exercize the rights granted by the certificate/capability.

What I like about capability security is that it is:
 - Inherently peer-to-peer
 - No personal information has to be disclosed to the server of
   a request

(I am not so sure if that applies specifically to X.509v3 certificates,
but it does apply to similiar, older systems such as Amoeba)
The theory behind capability-based security dates back to the 70's and
it has been heavily researched.

More reading:
 - RFC 2693: SPKI Theory,
 - Notes about theory,
 - Cap-based system,
 - Slightly unusual theory paper,

/ address@hidden
char*s="address@hidden                        ",c,a[40],r[40];q(p,a)char*p
printf("\e[%d;%dH%c\n",24-r[c],c*2+1,s[a[c]]);}usleep(1<<12);goto l;}
----------------------------------------------- 218 bytes -- aj där ya --

reply via email to

[Prev in Thread] Current Thread [Next in Thread]