I was unable to attend this teleconference, but there was one objection I
would like to raise:
RESOLUTION: There is a significant difference between
user-centric and service-centric architectures when it comes to
verifiable claims.
I strongly oppose this resolution, and believe this sort of thinking is
both deeply rooted in ambient authority systems and is the source of
confused deputy problems in multi-principal interactions where one of the
principals is the user.
A credential system which can securely solve 3+ principal interactions is
by necessity dealing with the relationships between the user, service A,
and service B (and potentially services C, D, and E).
I would argue that if a credential system is inflexible to the point it is
unable to model both the authority of human principals (vicariously via
their user agents) and service principals, that is in fact a failure of the
design/expressiveness of the credential system, and in no way a desirable
property.
I would cite Macaroons as a system flexible and expressive enough to cover
both cases:
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/41892.pdf
--
Tony Arcieri
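Added example, not from the message above or from the Macaroons paper: a minimal Python sketch of first-party macaroon caveats (HMAC chaining) showing how a user's agent can hand service A an attenuated credential for use at service B, and why A can neither widen it nor strip the caveats. The root key, identifier and "key = value" caveat syntax are constructed for illustration.

```python
import hmac
import hashlib


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class Macaroon:
    """Minimal macaroon with first-party caveats: identifier, caveat list, HMAC chain."""

    def __init__(self, identifier: str, caveats: list, signature: bytes):
        self.identifier = identifier
        self.caveats = list(caveats)
        self.signature = signature

    @classmethod
    def mint(cls, root_key: bytes, identifier: str) -> "Macaroon":
        # Only the target service holds root_key; the chain starts at HMAC(root_key, id).
        return cls(identifier, [], _mac(root_key, identifier.encode()))

    def attenuate(self, caveat: str) -> "Macaroon":
        # Any holder may ADD a caveat; the old signature is consumed as the new key,
        # so nobody downstream can recover it and remove the restriction.
        return Macaroon(self.identifier, self.caveats + [caveat],
                        _mac(self.signature, caveat.encode()))


def verify(root_key: bytes, m: Macaroon, context: dict) -> bool:
    """Recompute the chain from root_key and check each caveat against the request."""
    sig = _mac(root_key, m.identifier.encode())
    for caveat in m.caveats:
        sig = _mac(sig, caveat.encode())
        key, _, want = caveat.partition(" = ")
        if context.get(key) != want:
            return False
    return hmac.compare_digest(sig, m.signature)


def demo() -> dict:
    root_key = b"service-B-root-key"  # constructed; known only to service B
    user_token = Macaroon.mint(root_key, "grant:user-alice")  # broad grant to the user
    # The user's agent restricts the credential before delegating it to service A.
    for_a = user_token.attenuate("bearer = service-A").attenuate("action = read")
    # Service A tries to drop the action caveat while reusing the signature it holds.
    stripped = Macaroon(for_a.identifier, for_a.caveats[:1], for_a.signature)
    return {
        "user_direct": verify(root_key, user_token, {"bearer": "alice", "action": "write"}),
        "a_reads": verify(root_key, for_a, {"bearer": "service-A", "action": "read"}),
        "a_writes": verify(root_key, for_a, {"bearer": "service-A", "action": "write"}),
        "a_strips": verify(root_key, stripped, {"bearer": "service-A", "action": "write"}),
    }
```

Service A thus acts with exactly the authority the user delegated, which is the property the confused-deputy argument above asks a credential system to express.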