Re: anonymous & none in the ACM (Was: Comments Access Control Model -authentication levels 2)
Bob,

I understand your use of the word "anonymous". However, that's not the
way Ellen was using it in her BNF--it seems clear that by "anonymous"
she means a requestor who is not authenticated at all, not that the
requestor did authenticate but then had his identity thrown away.

I guess the LDAP version of your store customer would be a requestor who
authenticated using say SASL CRAM-MD5, but attached a proxy
authorization control with an authorization identity of "".

I think the ACM could probably accommodate such requestors with a subject
like this:

subject = authnlevel: sasl: DIGEST-MD5 : public

In other words, for the purpose of evaluating this aci we do require the
requestor to have authenticated using SASL DIGEST-MD5, but we do not
require him to be authenticated with any _particular_ identity.

Rob.

George_Robert_Blakley_III@tivoli.com wrote:
>
> All,
>
> >Just to try to close this one item, is there anyone who thinks we need
> >to differentiate in the ACM between, in the terms of Ellen's very last
> >BNF, "anonymous" and "none" ?
>
> >> authnLevel = "none" /      ; from X.500: name but no password,
> >>                            ; same as LDAPBIS unauthenticated
> >>              "anonymous" / ; from LDAP: no name and no password
>
> >Rick says he doesn't care, Kurt says X.500 says they are the same thing
> >(from an access control point of view).
> >They seem pretty similar to me.
>
> >If we do collapse them both then I would suggest "unauthenticated" as a
> >good name for this kind of authentication level--looks like that's
> >consistent with ldapbis teminology.
>
> X.500 was designed before privacy became an issue as big as it is today.
> Certainly "anonymous" and "unauthenticated" DO NOT mean the same thing
> in all cases -- for example if I use a debit (ATM) card at my grocery
> store, from the viewpoint of the store I am anonymous (they don't learn
> my identity, it isn't printed on the card, etc....), and yet I certainly
> am authenticated, as the holder of checking account number XXXXXXXXXXXXX
> before that account is debited (that's why I supply the PIN).
>
> In lots of cases it will be desirable to authenticate the user, or some
> attribute of the user, and then throw away the identity in order to
> preserve privacy.
>
> --bob
>
> Bob Blakley
> Chief Scientist
> Enterprise Solutions Unit
> Tivoli Systems, Inc. (an IBM Company)
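
The subject proposed in the reply above, sketched as an added Python example (not part of the original message or of the ACM draft). Only the subject string comes from the message; the `Requestor` model, the function names and the sample identities are assumptions. It checks how the requestor authenticated separately from who he is, so "not authenticated at all" and "authenticated, identity thrown away" get different answers.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Requestor:
    """Connection state as the server sees it (assumed model)."""
    sasl_mechanism: Optional[str]  # None = never authenticated
    authz_id: Optional[str]        # "" = authenticated, identity discarded


@dataclass(frozen=True)
class Subject:
    level: str      # e.g. "sasl"
    mechanism: str  # e.g. "DIGEST-MD5"
    who: str        # "public" or one specific identity


def parse_subject(text: str) -> Subject:
    """Parse the 'authnlevel: sasl: DIGEST-MD5 : public' form from the message."""
    parts = [p.strip() for p in text.split(":", 3)]
    if len(parts) != 4 or parts[0].lower() != "authnlevel":
        raise ValueError(f"unsupported subject: {text!r}")
    return Subject(parts[1].lower(), parts[2].upper(), parts[3])


def subject_matches(subject: Subject, req: Requestor) -> bool:
    """True if the requestor satisfies the subject of an aci."""
    # Fail closed on levels this sketch does not model.
    if subject.level != "sasl":
        return False
    # Step 1: how did the requestor authenticate? No bind, no match.
    if req.sasl_mechanism is None:
        return False
    if req.sasl_mechanism.upper() != subject.mechanism:
        return False
    # Step 2: who is the requestor? "public" accepts any identity,
    # including the empty one left by a proxy authorization of "".
    if subject.who.lower() == "public":
        return True
    # Plain string comparison; a real server would normalise DNs first.
    return req.authz_id == subject.who
```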