[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: anonymous & none in the ACM (Was: Comments Access Control Model -authentication levels 2)

To: George_Robert_Blakley_III@tivoli.com
Subject: Re: anonymous & none in the ACM (Was: Comments Access Control Model -authentication levels 2)
From: robert byrne <robert.byrne@Sun.COM>
Date: Tue, 10 Apr 2001 11:13:38 +0200
Cc: ietf-ldapext@netscape.com
Organization: Sun Microsystems
References: <OF52A3EB7B.A774801A-ON86256A29.0061D4A0@tivoli.com>

Bob,

I understand your use of the word "anonymous".  However, that's not the
way Ellen was using it in her BNF--it seems clear that by "anonymous"
she means a requestor who is not authenticated at all, not that the
requestor did authenticate but then had his identity thrown away.

I guess the LDAP version of your store customer would be a requestor who
authenticated using say SASL CRAM-MD5, but attached a proxy
authorization control with an authorization identity of "".

I think the ACM could probably accomodate such requestors with a subject
like this:

	subject = authnlevel: sasl: DIGEST-MD5 : public

In other words, for the purpose of evaluating this aci we do require the
requestor to have authenticated using SASL DIGEST-MD5, but we do not
require him to be authenticated with any _particular_ identity.

Rob.

George_Robert_Blakley_III@tivoli.com wrote:
> 
> All,
> 
> >Just to try to close this one item, is there anyone who thinks we need
> >to differentiate in the ACM between, in the terms of Ellen's very last
> >BNF, "anonymous" and "none" ?
> 
> >>    authnLevel = "none" /            ; from X.500:  name but no password,
> >> same as LDAPBIS unauthenticated
> >>                        "anonymous" /   ; from LDAP:  no name and no
> password
> 
> >Rick says he doesn't care, Kurt says X.500 says they are the same thing
> >(from an access control point of view).
> >They seem pretty similar to me.
> 
> >If we do collapse them both then I would suggest "unauthenticated" as a
> >good name for this kind of authentication level--looks like that's
> >consistent with ldapbis teminology.
> 
> X.500 was designed before privacy became an issue as big as it is today.
> Certainly "anonymous" and "unauthenticated" DO NOT mean the same thing
> in all cases -- for example if I use a debit (ATM) card at my grocery
> store, from
> the viewpoint of the store I am anonymous (they don't learn my identity, it
> isn't printed
> on the card, etc....), and yet I certainly am authenticated, as the holder
> of checking account
> number XXXXXXXXXXXXX before that account is debited (that's why I supply
> the PIN).
> 
> In lots of cases it will be desirable to authenticate the user, or some
> attribute of the user,
> and then throw away the identity in order to preserve privacy.
> 
> --bob
> 
> Bob Blakley
> Chief Scientist
> Enterprise Solutions Unit
> Tivoli Systems, Inc. (an IBM Company)

References:
- Re: anonymous & none in the ACM (Was: Comments Access Control Model - authentication levels 2)
  - From: George_Robert_Blakley_III@tivoli.com

Prev by Date: Re: IP Address in the ACM (Was: Comments onAccessControlModel- BNF)
Next by Date: Re: Authentication Levels for ACMs
Index(es):
- Chronological
- Thread