[Hipsec-rg] Hierarchical HITs
oleg.ponomarev at hiit.fi (Oleg Ponomarev) Tue, 20 January 2009 15:14 UTC
From: "oleg.ponomarev at hiit.fi"
Date: Tue, 20 Jan 2009 17:14:49 +0200
Subject: [Hipsec-rg] Hierarchical HITs
In-Reply-To: <000301c97aa1$9071f300$480c6f0a@china.huawei.com>
References: <000301c97aa1$9071f300$480c6f0a@china.huawei.com>
Message-ID: <alpine.LFD.2.00.0901201555340.17180@stargazer.pc.infrahip.net>
Greetings!

>> I think we should distinguish authorization (deciding whether to grant
>> access) and authentication (verifying identity).

> I think Sheng Jiang just indicates that the authentication results
> should be able to be used by authorisation systems. In any un-trivial
> systems, access control (AC) is performed by authorisation mechanisms,
> and authentication results do not mean a lot if they cannot be used for
> authorisation. HHITs can provide information about administration
> domains, which may be valuable for authorisation systems to make AC
> assertions.

Could you please elaborate why HIP-authentication cannot be used for authorization?

1) HIP is used to verify the identity of the host (that the host possesses the private key indeed)
2) The verified identity is used for the authorization purposes: simply check that it is in the list of authorized identities or request access certificate issued to that identity by the trusted CA or whatever.

The fingerprints (and other biometrics) are "self-generated" and do not have any hierarchy, but can be used for authorization very well.

--
Regards, Oleg.
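The two steps described in the message above, as an added example that is not part of the original post: proof of private-key possession first, then a lookup of the verified identity in a flat allow-list. Assumptions: Ed25519 stands in for the host identity key, `identityTag` is a simplified stand-in for a HIT (a truncated hash without the ORCHID encoding), and all function names and the nonce are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// identityTag is a simplified stand-in for a HIT (assumption): the first
// 128 bits of SHA-256 over the public key, with no ORCHID prefix or hierarchy.
func identityTag(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:16])
}

// newHost creates a host key pair (Ed25519 is an assumption of this sketch).
func newHost() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// prove is the host side: sign the verifier's nonce with the private key.
func prove(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// authenticate is step 1: a valid signature over the nonce proves possession
// of the private key. Only then is a verified tag returned.
func authenticate(pub ed25519.PublicKey, nonce, sig []byte) (string, bool) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, nonce, sig) {
		return "", false
	}
	return identityTag(pub), true
}

// checkAccess is step 2: the flat list is consulted only for a verified tag.
func checkAccess(acl map[string]bool, pub ed25519.PublicKey, nonce, sig []byte) (authed, allowed bool) {
	tag, ok := authenticate(pub, nonce, sig)
	return ok, ok && acl[tag]
}

func main() {
	nonce := []byte("constructed-nonce-1") // a real verifier sends a fresh random nonce
	pubA, privA := newHost()
	pubB, privB := newHost()
	acl := map[string]bool{identityTag(pubA): true}               // only host A is authorized
	fmt.Println(checkAccess(acl, pubA, nonce, prove(privA, nonce))) // true true
	fmt.Println(checkAccess(acl, pubB, nonce, prove(privB, nonce))) // true false
	fmt.Println(checkAccess(acl, pubA, nonce, prove(privB, nonce))) // false false
}
```

Host B authenticates successfully but is denied, and a claim to A's key signed with B's key fails before the list is ever consulted.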