[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Authorization Certificates

From: Jeremy Petzold
Subject: Re: [Auth]Authorization Certificates
Date: Thu, 19 Jul 2001 06:09:43 -0700 (PDT)

I don't have a firm grasp on trust matrix theory, but
what if you look at it as local areas of trust.

example, business A has a local area of trust, and
business B has a local area of trust.

for a user to gain access to Business A's area of
trust, that user  needs to register with them (i.e.
some way that Business A can validate  the user next
time that user trys to enter the A's area of trust, a
username/password is how it is done right now.)

then lets say the user wants to go over to business B,
that user needs to register with this Business still
so he can not enter the area of trust without doing

all of this registration can be done transparently
through our system by way of the passport replacment
(what ever we call it) so that the end user just
clicks on the site, authorises the pop-up box that
asks them if it is ok to register with this website.
when they register with the site, they only send a
username, password, and perhaps a key or certificate.
this must be done in order for any business
transactions to take place, then when the user clicks
to buy a book at, the cc#,shipping address and
billing address are sent, along with the little survey
info they ask for and then at the end of the RLS
string (or whatever we use) the key or certificate
that the user is registered with. that will act as the
digital signiture, this validates the user who has
already loged in to the trusted environment with
username/Password, the key/certificate just acts as
one more level of trust to validate against. (and of
course this this key/certificate would be encrypted)

do I make sence, and is this at all near what we need
or is this wide open to crackers?


--- Adam Theo <address@hidden> wrote:
> hello, and thank you for the comment.
> I can understand your belief that a WoT can only
> work with individuals
> with similar interests and community, but I must
> suggest this is not
> neccisarily the case, if done intelligently.
> I understand it is important to recognize the
> differences, and therefore
> differences in requirements, between different types
> of 'entities' in a
> WoT. trying to treat all of them the exact same way
> will only lead to
> confusion and a system which does not accurately
> describe 'trust' or
> help users use the system.
> But by keeping in mind, and designing for, these
> differences in needs
> and natures of entities, I think we can create a WoT
> that really works.
> I am working on an example, but it might be a few
> days.
> _______________________________________________
> Auth mailing list
> address@hidden

Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail

reply via email to

[Prev in Thread] Current Thread [Next in Thread]