Comments on: A Field Trip to the Planetarium: Delegation, Authorization Documents, and Auditing http://virtualsoul.org/blog/2007/03/09/a-field-trip-to-the-planetarium-delegation-authorization-documents-and-auditing/ "I've proven who I am so many times the magnetic strip's worn thin" -- "Pacing the Cage" by Bruce Cockburn Sat, 26 Mar 2011 06:04:05 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Kim Cameron’s Identity Weblog » Delegation tokens and impersonation http://virtualsoul.org/blog/2007/03/09/a-field-trip-to-the-planetarium-delegation-authorization-documents-and-auditing/comment-page-1/#comment-1345 Kim Cameron’s Identity Weblog » Delegation tokens and impersonation Sun, 25 Mar 2007 20:28:30 +0000 http://virtualsoul.org/blog/2007/03/09/a-field-trip-to-the-planetarium-delegation-authorization-documents-and-auditing/#comment-1345 [...] Delegation tokens  Delegation tokens, as you’ve described them, (according to one of Dale Old’s recent posts) are not yet implemented in CardSpace.  Is that accurate? Is it soon to be added to specification or is it still a work in progress? [...] [...] Delegation tokens  Delegation tokens, as you’ve described them, (according to one of Dale Old’s recent posts) are not yet implemented in CardSpace.  Is that accurate? Is it soon to be added to specification or is it still a work in progress? [...]

]]> By: Eric Norman http://virtualsoul.org/blog/2007/03/09/a-field-trip-to-the-planetarium-delegation-authorization-documents-and-auditing/comment-page-1/#comment-1137 Eric Norman Sun, 11 Mar 2007 21:10:20 +0000 http://virtualsoul.org/blog/2007/03/09/a-field-trip-to-the-planetarium-delegation-authorization-documents-and-auditing/#comment-1137 I suspect that the concepts of delegation, accountability, and auditing constitute a very large and very fertile territory that is as yet unexplored. The notion has been proposed that someone should delegate their privileges to a service to act on their behalf in their absence. I can imagine that such a service would then re-delegate to some other service and so on. This seems like it could get real messy in a hurry. How many log files or receipts will an auditor need to round up and correlate to get a record of who did what? Is the notion of composition worthwhile? Probably, but that might not be the whole story. I'm a math major, so I interpret composition more in its mathematical sense. Namely, the operation of composition creates a "short cut" but also loses information. An auditor may need evidence that the composition was performed correctly. I'm not speaking for or against more accountability and audit trails; all I'm trying to say is that all this is an area that deserves lots of exploration and discussion. Perhaps it would be worthwhile revisiting SPKI. That's a key-centric sustem that actually starts to deal directly with concepts of delegation of privilege and has a notion of composition. I suspect that the concepts of delegation, accountability, and auditing constitute a very large and very fertile territory that is as yet unexplored. The notion has been proposed that someone should delegate their privileges to a service to act on their behalf in their absence. I can imagine that such a service would then re-delegate to some other service and so on. This seems like it could get real messy in a hurry. How many log files or receipts will an auditor need to round up and correlate to get a record of who did what?

Is the notion of composition worthwhile? Probably, but that might not be the whole story. I’m a math major, so I interpret composition more in its mathematical sense. Namely, the operation of composition creates a “short cut” but also loses information. An auditor may need evidence that the composition was performed correctly.

I’m not speaking for or against more accountability and audit trails; all I’m trying to say is that all this is an area that deserves lots of exploration and discussion.

Perhaps it would be worthwhile revisiting SPKI. That’s a key-centric sustem that actually starts to deal directly with concepts of delegation of privilege and has a notion of composition.

]]>