[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AAA design document pointers

Subject: AAA design document pointers
From: jra at baylink.com (Jay Ashworth)
Date: Wed, 20 Jun 2012 19:59:09 -0400 (EDT)
In-reply-to: <[email protected]>

My takeaway from the conversations we're having as the second and third-order
resultants of the LinkedIn password break is that, if there *is* an accepted
definition of the problem, in slices small enough for implementers to 
understand, a lot of people haven't read it.  Including me.

*Is* there a good defnition of the current shape of the authentication/
authorization problem as it presently exists in the Wide Area with the
General Public as audience, which someone can point to?

One that identifies, as it goes along, all the points we batted around
today, like "person or PC", "multiple accounts", "non/repudiation",
and whatever you call "multiple services not being able to tell you're
the same person as an account holder, unless you *want* them to"?

Not even the solutions, you understand, just the definition of the
problem?  Seems to me we're on different pages in the hymnal...

Off-list, please; I'll summarize.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

Prev by Date: How to fix authentication (was LinkedIn)
Next by Date: IPv6 /64 links (was Re: ipv6 book recommendations?)
Previous by thread: Saleslurkers - onnet check in greenville nc
Next by thread: PIM survey for operators
Index(es):
- Date
- Thread