W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

RE: "Onion model" explained

From: Hal Lockhart <hal.lockhart@entegrity.com>
Date: Thu, 11 Jul 2002 09:43:15 -0400
Message-ID: <899128A30EEDD1118FC900A0C9C74A3401034177@bigbird.gradient.com>
To: "'Darran Rolls'" <Darran.Rolls@waveset.com>, Joseph Hui <Joseph.Hui@exodus.net>, www-ws-arch@w3.org
I am less concerned about the onion layers. If this structure has achieved a
wide consensus I can live with it. After all, we have several industry
segments (PKI, biometrics) totally focused on AuthN. (However, as additional
support for my view note how in the last few years all the major PKI
companies have acquired an Authorization (PMI) product company.) And as I
said AuthN is a significant technical problem. 
 
My purposes were twofold:
 
1. I think that AuthN has to be addressed at least in a minimal way in phase
one, whether it is consider layer one or two.
 
2. I was taking the opportunity to present what I consider the more accurate
architectural view.
 
Hal
 

-----Original Message-----
From: Darran Rolls [mailto:Darran.Rolls@waveset.com]
Sent: Wednesday, July 10, 2002 7:01 PM
To: Joseph Hui; Hal Lockhart; www-ws-arch@w3.org
Subject: RE: "Onion model" explained



I would agree with Hal’s position, but concede that AuthN *can* have a
purpose on it’s own.  I think the issue is that it’s hard to separate them
as proposed.  Perhaps we could move AuthZ to layer 1, or if that makes layer
1 too “crowded”, move confidentiality to 2 and leave AuthN/AuthZ in 1?

 

--------------------------------------------------------

Darran Rolls                      http://www.waveset.com

Waveset Technologies Inc          drolls@waveset.com 

(512) 657 8360                    

--------------------------------------------------------

 

-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
Sent: Wednesday, July 10, 2002 5:48 PM
To: Hal Lockhart; www-ws-arch@w3.org
Subject: RE: "Onion model" explained

 

Hal,

 

Besides playing auxiliary roles for Conf, Integrity, Authz, etc,

Authentication can by itself be of some value to applications.

E.g. Applications Alice and Bob communicate online.

Alice only cares that Bob is really what he claims he is, and nothing else,

i.e. conf, integrity, auditing, etc are of no concern to them both.  How
would

Alice go by accomplishing that?  She asks whoever claims to be Bob

to present her a CA signed certificate; verifies it; and accepts or rejects 

the claim accordingly.  In practice, this may be done by Alice as a

TLS client asking its server for a certificate, and negotiating only

for a null ciphersuite.  Secured heartbeat notifier are one app

class that can fulfill its purpose in life using authc alone.

 

Joe Hui

Exodus, a Cable & Wireless service

==================================.

 

 -----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Wednesday, July 10, 2002 2:41 PM
To: Joseph Hui; www-ws-arch@w3.org
Subject: RE: "Onion model" explained

Apparently I am on the www-ws-arch mailing list, so you don't have to add me
explicitly. 

With respect to the onion model, my question was not so much what it was, as
how was it relevant to the three STF objectives. This was explained as
relating to the charter requirements objective, which answered my question.

With respect to the priority, I know it is unreasonable to expect to convert
the world to my thinking overnight, but I will take the opportunity to
introduce my views. 

I now firmly believe that Authorization, while a significant technical
problem, is not a fundamental service. The ONLY purpose of Authentication is
to provide inputs to other security services such as Confidentiality,
Integrity, Authorization and Audit Trail.

For current purposes I will settle for consensus around the idea that
"Authentication without Authorization is insufficient". This is what major
end users and industry gurus have been saying for the last five years or so.

Hal 

> -----Original Message----- 
> From: Joseph Hui [ mailto:Joseph.Hui@exodus.net
<mailto:Joseph.Hui@exodus.net> ] 
> Sent: Wednesday, July 10, 2002 3:14 PM 
> To: www-ws-arch@w3.org 
> Cc: hal.lockhart@entegrity.com 
> Subject: "Onion model" explained 
> 
> 
> Hi all, 
> 
> During today's STF telcon I took an action item to 
> explain in the mailing list what the "onion model" 
> that we sometimes referred to in the WG's security 
> related threads was about. 
> 
> So here it goes. 
> 
> The "Onion model," for the lack of a better term, is in 
> essence a grouping of the WSAWG sec reqs for the benefit 
> of prioritizing them for a phased approach in delivering 
> our sec solutions/standards.  (The phased approach came 
> about inconsideration of the time-to-market factor often 
> recited in the WSAWG's discussions.) 
> 
> The model comprises, in descending priority: 
> 
>    Layer 1) Confidentiality, (Data) Integrity, Authentication; 
> 
>          2) Authorization; 
> 
>          3) Non-repudiation; 
> 
>          4) Accessibility 
> 
>          5) The remainder of the WSAWG sec requirements, 
>             including Auditing. 
> 
>    Note that a phase may consist of one or more laysers. 
>    E.g. the first phase may include layer 1 only, or 
>    layers 1 & 2, dependent upon future decisions. 
> 
> Cheers, 
> 
> Joe Hui 
> Exodus, a Cable & Wireless service 
> 
Received on Thursday, 11 July 2002 09:44:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:01 GMT