I was unable to attend this teleconference, but there was one objection I would like to raise: RESOLUTION: There is a significant difference between user-centric and service-centric architectures when it comes to verifiable claims. I strongly oppose this resolution, and believe this sort of thinking is both deeply rooted in ambient authority systems and is the source of confused deputy problems in multi-principal interactions where one of the principals is the user. A credential system which can securely solve 3+ principal interactions is by necessity dealing with the relationships between the user, service A, and service B (and potentially services C, D, and E) I would argue that if a credential system is inflexible to the point it is unable to model both the authority of human principals (vicariously via their user agents) and service principals, that is in fact a failure of the design/expressiveness of the credential system, and in no way a desirable property. I would cite Macaroons as a system sufficiently flexible and expressive enough to cover both cases: http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/41892.pdf -- Tony Arcieri
Received on Tuesday, 1 December 2015 21:09:05 UTC