W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

Re: "Onion model" explained

From: Pete Wenzel <pete@seebeyond.com>
Date: Tue, 23 Jul 2002 11:10:39 -0700
To: Joseph Hui <Joseph.Hui@exodus.net>
Cc: Hal Lockhart <hal.lockhart@entegrity.com>, www-ws-arch@w3.org
Message-ID: <20020723111039.C23320@seebeyond.com>

Thus spoke Joseph Hui (Joseph.Hui@exodus.net) on Mon, Jul 22, 2002 at 08:03:51PM -0700:
> >From:	Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> [snip]
> >1. I still maintain that Authentiation is never an end in itself,
> >   it is a step that collects data to be used in some other
> >   decision.
> ...
> The point I made, as I recall, was to show the fallacy
> of "authN by itself was *never* enough" [Assertion A].
> ...
> here's one heartbeat app with a negative trigger.
> Every N seconds Alice sends an "I'm-alive" signal to Bob.
> By sharing a common secret, only Bob knows how to 
> authenticate the signals from Alice.  Bob will invoke
> Proc A if M heartbeats from Alice are missed.
> See?  No authZ whatsoever,

But authentication of Alice's signal has a side-effect:  it causes
Bob to reset his watchdog timer-counter.  Signals that cannot be
authenticated as coming from Alice should not result in the reset
behavior.  In other words, we can say that Alice is authorized to
reset Bob's counter (or, equivalently, that Alice is authorized to
prevent Bob's execution of Proc A).

> not even Integrity or
> Encryption (as in the cases of H-MAC or dsig),
> was involved....

Yes, these have independent uses; clearly sometimes AuthN+AuthZ is
enough.  However, the heartbeat example doesn't demonstrate that AuthN
is enough by itself, because there is more taking place than just

Pete Wenzel <pete@seebeyond.com>
Standards & Product Strategy
+1-626-471-6311 (US-Pacific)
Received on Tuesday, 23 July 2002 14:11:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:40:57 UTC