[Hipsec-rg] Reply: Hierarchical HITs

zhangdacheng at huawei.com (Zhang Dacheng) Wed, 21 January 2009 03:21 UTC

From: "zhangdacheng at huawei.com"
Date: Wed, 21 Jan 2009 11:21:32 +0800
Subject: [Hipsec-rg] Reply: Hierarchical HITs
In-Reply-To: <alpine.LFD.2.00.0901201555340.17180@stargazer.pc.infrahip.net>
Message-ID: <001701c97b77$5c494480$480c6f0a@china.huawei.com>

Hi:

Maybe I didn't explain my idea in the last email clearly. Sorry for that.

I never said that authentication results based on HITs cannot be used for
authorization. The scenario you mentioned is applicable as well. However,
identity lists are normally used by the simplest authorization systems.
Because identity-based authorization systems need to maintain a record for
each user, they are not efficient in the management of a large number of
users. In order to solve the scalability issue and support more
sophisticated AC policies, new types of authorization systems (such as
attribute-based and role-based authorization systems) have been proposed
and widely employed. In these systems, privileges cannot be granted based on
or only based on the proof of the ownership of keys; additional information
is needed. Let's consider a very simple example here. I cannot let you
access my medical records if you can only prove that you are who you have
claimed. You also need to tell me where you are from, whether you are a
qualified doctor, etc. Note that it is the job of my authentication system
to verify your claims.

Apart from the proof of the possession of keys, HHIT can provide additional
hierarchical information which is required by many authorization systems. In
other words, you can generate more flexible AC policies based on the
information provided by HHITs. I think this is a benefit that HHIT
introduces.

> The fingerprints (and other biometrics) is "self-generated" 
> and does not have any hierarchy, but can be used for 
> authorization very well.

I agree with it. However, this type of system is normally supported by
powerful databases which maintain the attributes of users before they can
actually authenticate themselves to the system. Therefore, I don't think
that hierarchical information is useless in these systems. The only
difference is that you need to provide the information before the process of
authentication. I think the designers of fingerprint-based authentication
systems might be very happy if they can find your hierarchical information
from your biometric features, because they can reduce the data maintained
in the databases. Just a joke. 

Hope this email can answer your questions. 


Best Regards

Dacheng




> 
> Greetings!
> 
> >> I think we should distinguish authorization (deciding whether to
> >> grant access) and authentication (verifying identity).
> 
> > I think Sheng Jiang just indicates that the authentication results
> > should be able to be used by authorisation systems. In any un-trivial
> > systems, access control (AC) is performed by authorisation mechanisms,
> > and authentication results do not mean a lot if they cannot be used
> > for authorisation. HHITs can provide information about administration
> > domains, which may be valuable for authorisation systems to make AC
> > assertions.
> 
> Could you please elaborate why HIP-authentication cannot be 
> used for authorization?
> 
> 1) HIP is used to verify the identity of the host (that the 
> host possesses the private key indeed)
> 
> 2) The verified identity is used for the authorization 
> purposes: simply check that it is in the list of authorized 
> identities or request access certificate issued to that 
> identity by the trusted CA or whatever.
> 
> 
> The fingerprints (and other biometrics) is "self-generated" 
> and does not have any hierarchy, but can be used for 
> authorization very well.
> 
> --
> Regards, Oleg.
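
Added example, not part of the original message or of any HHIT specification: it contrasts the per-identity list discussed in the thread with a policy written over the hierarchical part of an identifier. It assumes, hypothetically, that an HHIT is a 128-bit value written like an IPv6 address whose leading bits name the administrative domain; all identifiers, domains and privilege names are constructed.

```python
import ipaddress

# Flat identity list: one record per authorized host identity.
FLAT_ACL = {
    ipaddress.ip_address("2001:10:a:1:1111:2222:3333:4444"): {"read_medical_record"},
}

# Hierarchical policy: one rule per administrative (sub-)domain.
# Assumed layout (hypothetical): /48 = organisation, /64 = unit inside it.
DOMAIN_POLICY = [
    (ipaddress.ip_network("2001:10:a::/48"), {"book_appointment"}),
    (ipaddress.ip_network("2001:10:a:1::/64"), {"read_medical_record"}),
]


def privileges_flat(hit, key_verified):
    """Identity-list authorization: the exact identity must be on record."""
    if not key_verified:  # authentication (proof of key possession) comes first
        return set()
    return set(FLAT_ACL.get(ipaddress.ip_address(hit), set()))


def privileges_hierarchical(hhit, key_verified):
    """Domain-based authorization: union of privileges of every matching domain."""
    if not key_verified:
        return set()
    ident = ipaddress.ip_address(hhit)
    granted = set()
    for domain, privileges in DOMAIN_POLICY:
        if ident in domain:
            granted |= privileges
    return granted


if __name__ == "__main__":
    samples = [
        "2001:10:a:1:1111:2222:3333:4444",  # host already in the flat list
        "2001:10:a:1:aaaa:bbbb:cccc:dddd",  # new host in the same unit
        "2001:10:a:2::5",                   # same organisation, other unit
        "2001:10:b::1",                     # different organisation
    ]
    for s in samples:
        print(s, sorted(privileges_flat(s, True)),
              sorted(privileges_hierarchical(s, True)))
```

The new host in the same unit gets no privileges from the flat list until a record is added for it, while the two domain rules already cover it.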