IETF Logo Mail Archive

[Hipsec-rg] 答复: Hierarchical HITs

zhangdacheng at huawei.com (Zhang Dacheng) Tue, 20 January 2009 01:51 UTC

From: "zhangdacheng at huawei.com"
Date: Tue, 20 Jan 2009 09:51:08 +0800
Subject: [Hipsec-rg] 答复: Hierarchical HITs
In-Reply-To: <alpine.LFD.2.00.0901170024230.17180@stargazer.pc.infrahip.net>
Message-ID: <000301c97aa1$9071f300$480c6f0a@china.huawei.com>

 

Hi! On Sat, 17 Jan 2009, Sheng Jiang wrote:

> As I explained earlier, a self-issued identity means little. Will any 
> country allow entrance of a man whose identity card is issued by 
> himself only?

I think we should distinguish authorization (deciding whether to grant
access) and authentication (verifying identity).

--
Regards, Oleg.

_______________________________________________
Hipsec-rg mailing list
Hipsec-rg at listserv.cybertrust.com
https://listserv.cybertrust.com/mailman/listinfo/hipsec-rg

Hi,

I think Sheng Jiang just indicates that the authentication results should be
able to be used by authorisation systems. In any un-trivial systems, access
control (AC) is performed by authorisation mechanisms, and authentication
results do not mean a lot if they cannot be used for authorisation. HHITs
can provide information about administration domains, which may be valuable
for authorisation systems to make AC assertions.

Best Regards, 

Dacheng Zhang

v2.23.0 | Report a Bug | By Email