--bob
Bob Blakley (blakley@dascom.com)
Chief Scientist, Dascom

>There are, I believe, strong arguments that the mere existence of authzid is
>a layering violation. The authentication protocol is the owner of identification
>and of the forms of identities, not application protocols.

I agree that there are strong arguments, and I agree with those arguments. I think authorization data should *never* be carried as part of an authentication and key exchange protocol, except as an implementation convenience, for performance purposes, collapsing a formal architecture in which authorization information should be encapsulated within an authenticated session. In other words, authorization information should be layered above authentication protocols -- always.

>And SASL has a way of handling authzid.