The Security Problem
Security = supporting authorization policy
Let good people do what they should;
stop bad people from doing what they want
We achieve this via authentication, integrity, confidentiality mechanisms
Many application protocols, many security mechanisms
Security mechanisms: strong vs scalable vs deployable
App protocol can't just choose one
Defining everything NxN is undesignable, unsupportable, insecure
Solution: framework(s) for gluing things together
OK, only part of solution, also probably need:
user/resource/policy representations/expressions
signed/encrypted protocol objects
etc.
rlmorgan
@
washington.edu
[
next
|
top
]
BLOCKS BoF, IETF 47, March 2000