Re: Verifiable Claims Telecon Minutes for 2015-12-01

I was unable to attend this teleconference, but there was one objection I
would like to raise:

RESOLUTION: There is a significant difference between
  user-centric and service-centric architectures when it comes to
  verifiable claims.

I strongly oppose this resolution, and believe this sort of thinking is
both deeply rooted in ambient authority systems and is the source of
confused deputy problems in multi-principal interactions where one of the
principals is the user.

A credential system which can securely solve 3+ principal interactions is
by necessity dealing with the relationships between the user, service A,
and service B (and potentially services C, D, and E).

I would argue that if a credential system is inflexible to the point it is
unable to model both the authority of human principals (vicariously via
their user agents) and service principals, that is in fact a failure of the
design/expressiveness of the credential system, and in no way a desirable
property.

I would cite Macaroons as a system sufficiently flexible and expressive
enough to cover both cases:

http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/41892.pdf


-- 
Tony Arcieri

Received on Tuesday, 1 December 2015 21:09:05 UTC
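
As an added illustration (not part of the original message, and not code from the Macaroons paper): a minimal sketch of the HMAC-chained first-party caveats that paper describes, in which a user agent and a service attenuate the same credential with the identical operation. The key, identifier, caveat syntax and function names are constructed for this example; third-party caveats are not covered.

```python
import hashlib
import hmac


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer (service A) creates the credential: sig = HMAC(root_key, id)."""
    return {"id": identifier, "caveats": [],
            "sig": _mac(root_key, identifier.encode())}


def attenuate(m: dict, caveat: str) -> dict:
    """Any holder, human user agent or service, narrows the credential.
    Only the current signature is needed, never the root key."""
    return {"id": m["id"], "caveats": m["caveats"] + [caveat],
            "sig": _mac(m["sig"], caveat.encode())}


def _caveat_holds(caveat: str, context: dict) -> bool:
    # Constructed caveat language "key = value"; unknown keys fail closed.
    key, sep, value = caveat.partition(" = ")
    return sep != "" and context.get(key) == value


def verify(root_key: bytes, m: dict, context: dict) -> bool:
    """Issuer replays the HMAC chain, then checks each caveat against the request."""
    sig = _mac(root_key, m["id"].encode())
    for c in m["caveats"]:
        sig = _mac(sig, c.encode())
    if not hmac.compare_digest(sig, m["sig"]):
        return False
    return all(_caveat_holds(c, context) for c in m["caveats"])


def demo() -> tuple:
    root_key = b"constructed-root-key-held-by-service-A"  # constructed sample key
    issued = mint(root_key, "claim-1234")                  # constructed identifier
    by_user = attenuate(issued, "action = read")           # user agent restricts
    by_svc_b = attenuate(by_user, "audience = service-B")  # service B restricts further
    request = {"action": "read", "audience": "service-B"}
    ok = verify(root_key, by_svc_b, request)
    wrong_action = verify(root_key, by_svc_b, dict(request, action="write"))
    # A holder drops the last caveat but cannot recompute the earlier signature.
    stripped = dict(by_svc_b, caveats=by_svc_b["caveats"][:1])
    return ok, wrong_action, verify(root_key, stripped, request)
```
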