
[Auth]Re: [DotGNU]Macs and phpGW(was: Distributed Savannah)


From: Mario D. Santana
Subject: [Auth]Re: [DotGNU]Macs and phpGW(was: Distributed Savannah)
Date: Sat, 17 Nov 2001 17:09:38 -0800

I'm moving this to the Auth list...

"Gopal.V" wrote:

> > Not in the current design. I've been thinking about it, though. The 
> > session tokens handed out by the AUS really should point back to their 
> > AUS of origin. Then AUSes can cross-authenticate each others' sessions.
> 
> This could end up in a dreadful mess MDS, this may cause a
> malicious cracker to set up his own AUS and cross authenticate
> into any system. We could cross-auth only with a list of trusted
> AUSes. But a better option would be what SSH uses, copy the identity
> signature to all trusted machines, for a one logon scheme. Delete it
> and the machine becomes untrusted. i.e. if I have an identity in AUS A,
> and copy it to AUS B, B automatically becomes trusted to A and only
> for me. So AUTH token from B will be accepted by A after comparing
> identity signatures in A & B. Tell me if you like this idea (I am
> great at idea reuse :-). SSH uses an RSA encrypted signature, whose
> public key is accessible from the server. (or so I have been led to believe)

Yes, except I'd like to have shades of "trusted". The PKI scheme you draw
is an embellishment on the "list of trusted AUSes" scheme. I'll
definitely want some PKI in place so that everybody can tell who they're
really talking to, and an AUS should definitely sign each token it hands
out. But for cross-authentication I was thinking more along the lines of
leaving the significance of that up to each token consumer.

For example, an AUC can be configured to consider a user authenticated, or
an ATS can be configured to consider an action authorized, based on which AUS
signed the session token.

So, an AUC protecting a public ftp site might consider any token to be
enough, while the ATS authorizing actions for that same ftp site might
only authorize a write operation if the session token was issued by a
trusted AUS.

mds


Attachment: pgpOKfrEYr8k6.pgp
Description: PGP signature
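The scheme sketched in the message above (tokens that name their AUS of origin, are signed by that AUS, and are then judged by each consumer under its own trust policy) can be shown in a few dozen lines. The following is an added example written for this page, not code from DotGNU or from the thread's authors. It assumes two hypothetical servers, `aus-a.example` and `aus-b.example`, and stands in an HMAC-SHA256 tag for the PKI signature the message asks for, so that it runs on the Python standard library alone; in the real design a consumer would hold only each AUS's public key and could never mint a token itself. The AUC and ATS policies mirror the ftp-site example: any valid token authenticates, any valid token may read, only a token from a trusted AUS may write.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keys for two hypothetical AUSes. The thread wants each AUS to sign
# its tokens with a PKI key; HMAC-SHA256 (symmetric) stands in for that here so
# the example runs on the stdlib alone. With real signatures a consumer would
# hold only each AUS's public key.
AUS_KEYS = {
    "aus-a.example": b"constructed-secret-key-for-AUS-A",
    "aus-b.example": b"constructed-secret-key-for-AUS-B",
}


def b64encode_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64decode_nopad(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_tag(key: bytes, body: str) -> bytes:
    """Keyed tag over the encoded claims (stand-in for the AUS signature)."""
    return hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()


def issue_token(issuer: str, user: str, ttl: int = 3600,
                now: Optional[float] = None) -> str:
    """AUS side: mint a session token that points back to its AUS of origin ('iss')."""
    now = time.time() if now is None else now
    claims = {"iss": issuer, "sub": user, "iat": int(now), "exp": int(now) + ttl}
    body = b64encode_nopad(json.dumps(claims, sort_keys=True).encode("utf-8"))
    return f"{body}.{b64encode_nopad(compute_tag(AUS_KEYS[issuer], body))}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Consumer side: resolve the issuing AUS, check its tag, then the expiry.

    Returns the claims, or None for an unknown AUS, a bad tag or an expired token.
    """
    now = time.time() if now is None else now
    try:
        body, tag_text = token.split(".")
        claims = json.loads(b64decode_nopad(body))
        tag = b64decode_nopad(tag_text)
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict):
        return None
    issuer = claims.get("iss")
    key = AUS_KEYS.get(issuer) if isinstance(issuer, str) else None
    if key is None:                      # token points at an AUS we do not know
        return None
    if not hmac.compare_digest(compute_tag(key, body), tag):
        return None                      # claims altered, or tagged by a different AUS
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


# Consumer policies, per the ftp-site example in the message: the AUC treats any
# token that verifies as "authenticated"; the ATS lets any such token read, but
# only a token issued by a trusted AUS write. Unknown actions are denied.
FTP_ATS_POLICY = {
    "read": None,                   # None: any verified token is enough
    "write": {"aus-a.example"},     # only tokens from these AUSes authorise a write
}


def auc_is_authenticated(token: str, now: Optional[float] = None) -> bool:
    """AUC: authenticated if the token verifies, whichever known AUS issued it."""
    return verify_token(token, now) is not None


def ats_is_authorized(token: str, action: str,
                      now: Optional[float] = None) -> bool:
    """ATS: the answer depends on the action and on which AUS signed the token."""
    claims = verify_token(token, now)
    if claims is None or action not in FTP_ATS_POLICY:
        return False
    allowed_issuers = FTP_ATS_POLICY[action]
    return allowed_issuers is None or claims["iss"] in allowed_issuers


if __name__ == "__main__":
    t0 = 1_005_000_000                  # fixed clock so the run is reproducible
    from_a = issue_token("aus-a.example", "mds", now=t0)
    from_b = issue_token("aus-b.example", "mds", now=t0)
    print("AUC accepts token from A:", auc_is_authenticated(from_a, t0))
    print("AUC accepts token from B:", auc_is_authenticated(from_b, t0))
    print("ATS read  with token from B:", ats_is_authorized(from_b, "read", t0))
    print("ATS write with token from B:", ats_is_authorized(from_b, "write", t0))
    print("ATS write with token from A:", ats_is_authorized(from_a, "write", t0))
```

Two details carry the security weight. `verify_token` looks the key up by the issuer named inside the token, so a token that claims to come from A but was tagged with B's key fails the `compare_digest` check, and a token naming an AUS the consumer has never been configured with is rejected before any tag is checked, which is the "list of trusted AUSes" floor under the per-consumer shades of trust. The trust decision itself lives only in the consumer's policy table, not in the token, so the same token can satisfy the AUC and still be refused a write by the ATS.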

