
Re: anonymous & none in the ACM (Was: Comments Access Control Model - authentication levels 2)



All,

>Just to try to close this one item, is there anyone who thinks we need
>to differentiate in the ACM between, in the terms of Ellen's very last
>BNF, "anonymous" and "none" ?

>>    authnLevel = "none" /          ; from X.500:  name but no password, same as LDAPBIS unauthenticated
>>                 "anonymous" /     ; from LDAP:  no name and no password

>Rick says he doesn't care, Kurt says X.500 says they are the same thing
>(from an access control point of view).
>They seem pretty similar to me.

>If we do collapse them both then I would suggest "unauthenticated" as a
>good name for this kind of authentication level--looks like that's
>consistent with ldapbis terminology.

X.500 was designed before privacy became an issue as big as it is today.
Certainly "anonymous" and "unauthenticated" DO NOT mean the same thing
in all cases -- for example if I use a debit (ATM) card at my grocery
store, from the viewpoint of the store I am anonymous (they don't learn
my identity, it isn't printed on the card, etc....), and yet I certainly
am authenticated, as the holder of checking account number XXXXXXXXXXXXX
before that account is debited (that's why I supply the PIN).

In lots of cases it will be desirable to authenticate the user, or some
attribute of the user, and then throw away the identity in order to
preserve privacy.

--bob

Bob Blakley
Chief Scientist
Enterprise Solutions Unit
Tivoli Systems, Inc. (an IBM Company)