Re: [therightkey] Will the real RPF please stand up?

[Stephen Kent <kent@bbn.com>]

At 8:52 AM +0100 2/8/12, DIEGO LOPEZ GARCIA wrote:
>On 7 Feb 2012, at 23:25 , Stephen Kent wrote:
>>  federated authentication systems using certs generally seem to be
>>  motivated because folks can make cross-certification work properly.
>>  other federated auth systems seem to be based on having one org trust
>>  another to assert and identity for a user know to the second, but not
>>  the first. that's a recipe for secruity problems.
>
>Well, at the end, having an org trust another to 
>identify a user only known to the latter is what 
>certificates do, don't they? The problem with 
>federated schemas is the number of potential 
>sources of identity, that has to become 
>unbounded by definition. You have then to rely 
>on federation metadata, telling you which orgs 
>are trusted to make assertions on whom, and you 
>need some root(s) of trust for those metadata, 
>metadata revocation procedures, etc.  And this 
>collapses again into finding the-right-key(s)Š

I was a bit sloppy in my choice of words. Let me try again.

In the physical world we recognize that certain 
entities are authoritative for identifying people 
or orgs. These entities issue credentials to 
people and orgs, and these credentials are 
accepted for identification and/or authorization 
purposes, in selected contexts.  If a CA issues 
certs with IDs for which the CA is authoritative, 
it mimics the real world model, and that's 
generally good.  In many of the federation 
examples with which I am familiar, there is too 
much reliance on parties to vouch for identities 
in a nonauthoritative fashion. This is not a 
problem for all such systems, but for many.

Steve