Re: Sketch of a very simple identification protocol from Story Henry on 2008-04-02 (ietf-http-wg@w3.org from April to June 2008)

From: Story Henry <henry.story@bblfish.net>
Date: Wed, 2 Apr 2008 14:16:24 +0200
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: HTTP Group Working <ietf-http-wg@w3.org>, buanzo@buanzo.com.ar
Message-Id: <4FE50876-BB9B-4DA3-BD30-240D06DD2CAA@bblfish.net>
Hi Henrik,

thanks a lot for the reply. I posted a link to it in a comment to the
RDFAuth post.

On 1 Apr 2008, at 23:33, Henrik Nordstrom wrote:
>
> tis 2008-04-01 klockan 17:47 +0200 skrev Story Henry:
>
>> http://blogs.sun.com/bblfish/entry/rdfauth_sketch_of_a_buzzword
>>
>> It is very simple, and probably could be further simplified. Some
>> people have noted the similarity with HTTPS, and how this could be
>> thought of as an extension to that perhaps [2].
>
> I see more similaries with HTTP Digest authentication than HTTPS..

Yes. That is what I based the idea on. One way it starts rejoining  
HTTPS is that the server could use the public key to encrypt the reply  
so that only the client can read it. It is an interesting thought,  
though I have been warned that encryption with asymmetric keys is  
costly.

There is another way to relate it directly to HTTPS developed by Toby  
Inkster, in an email I refer to below.

> Actually you would solve some of the problems mentioned like replay
> attacks and nonce management if you do things the Digest way with  
> server
> nonce, client nonce + server nonce reuse counter.

sounds right.

> You cannot shortcut 1+2 unfortunately while keeping RESTful as HTTP  
> does
> not allow mixing public and authenticated content on the same URI, and
> attempting to do so will mess up the cache model of HTTP. But 1 only
> needs to be performed once for the whole duration of the session  
> (which
> can be arbitrary long, subject to server controlled constraints).

Ok. That is really helpful to know that public and authenticated  
content cannot be served from the same URL.

> But I feel this proposal is perhaps trying to layer too much at the  
> same
> time. Better to separate identification from authentiation. If you use
> pgp for authentication then the identification key in the  
> authentication
> should be the pgp identity (which is a pgp key with some name & email
> recorded). But it's also worth noting that pgp signatures do embed the
> needed information to identify which key has made the signature (but  
> not
> it's distribution points).


Yes. I completely agree. There is no need to reduce the message load  
from the client to the server. It may as well have the following  
headers:

1. A header for the ID, which would be an IRI
    so this could allow ldap IRIs, and other protocols in addition to  
HTTP
    (but I favor HTTP).
    By using some naming service the server can the get information  
about entity named by that IRI

     User-Id: http://bblfish.net/people/card#me

2. A header for the public key and the type of the key

     User-Public-Key: Type=OpenPG,uri=http://bblfish.net/people/henry/henry.pubkey.asc


3. An encoded string that proves that the User Agent knows the private  
key.

Then there just needs to be a way to tie the public key to the User- 
Id. The simple way is to have the User-Id representation point to the  
public key, which proves that he who has write access to the UserId  
resource endorses the public key.

(this is the OpenId trick)

> What this means is supply the foaf identification separately in an
> informal header if needed. It also makes it trivial to use other forms
> of authentication with no change in the semantic identification. One
> example of such alternative authentication would be SSL.

yes, Toby Inkster suggested that the foaf file (or the ldap server)  
could also point to a unique identifying property of the client's SSL  
public key (its hex_id) in

http://lists.w3.org/Archives/Public/semantic-web/2008Mar/0207.html

this would allow an SSL connection using that key to count as client
authentication

> So there is three components
>
> * Identification. "This is who I claim to be"
>
> * Authentication. "This is how I prove the above to be true"
> * Authorizatioon. "I know you, access granted"
>
> I would make the identification separate, and use authentication to
> prove the identification when needed.

Yes.

I wonder how I should proceed from here...

> In the end this boils down to the web of trust of the authentication
> scheme used.
>
> Another related alternative using OpenPGP for http authentication  
> would
> be to use enigform for the requests requiring authentication. Layered
> slightly differently, not following the HTTP authentication scheme  
> model
> in header names, but conceptually is one..
>
> http://www.buanzo.com.ar/sec/enigform.en.html

Very interesting. I'd love to hear Arturo's feedback.
What foaf provides is I think a way to create a more flexible web of  
trust. Perhaps not quite as trustworthy as key signing parties, but  
easier to undo.
I can have my foaf file link to a signature of your key. If I loose  
trust in it, I could remove the link... I think the two compliment  
each other nicely.

Henry

>
>
> Regards
> Henrik
>
Attachments

application/pkcs7-signature attachment: smime.p7s
Received on Wednesday, 2 April 2008 12:17:12 UTC