After an interesting panel discussion yesterday at the Network Security 2006 Conference, I started to think about security protocols in general again. One comment from a gentleman in the audience struck me in particular: PKI (and other authentication systems) are hard to set up and control, because every time you create a new authentication service you have to fill in all kinds of attributes for the user at hand, e.g. name, employee id, group membership etc.
As we all know, directories are great, but they do not solve this problem by themselves. Instead, the problem could be solved by separating authentication and authorization data, keeping the authZ data in a common format [1]. SAML (in particular attribute statements) might be a good solution for the authZ data format, since it is well understood, extensible and has good privacy features. But obviously, there might be other good, open authZ languages as well.
If authentication mechanisms are capable of carrying the authZ data (as in the SAML TLS proposal, or in GSS-SAML), then a few requirements of a good authorization model are fulfilled:
- The authorization data is described by an open language.
- The authorization language is stable across different authentication mechanisms.
- It can be carried directly within the framework of the authentication protocol, or it can be left on the authorization server and only be referenced.
- It provides at least pseudonymity and, if properly profiled, also anonymous authorization.
[1] I am assuming here that a bag of attributes is sufficient to enable authZ decisions.
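The following is an added example and not code from the original post or from any SAML implementation. It shows the model argued for above in running code: an authentication service hands over a bag of authZ attributes in an open format (a SAML 2.0 AttributeStatement), the subject is a transient pseudonym rather than a name or employee id, and the relying party decides access from the attribute bag alone, deny-by-default. The same assertion is delivered in-band and, alternatively, kept on the authorization server and fetched through an opaque handle (roughly what SAML's artifact binding does). The issuer, the `urn:example:` attribute names, the `POLICY` table and the `ASSERTION_STORE` are assumptions made up for the demo; the assertion is unsigned, which a real deployment must never accept.

```python
"""Added example (not from the original post): SAML 2.0 attribute bag as the
authZ data format, pseudonymous subject, attribute-only access decision,
delivered either in-band or by reference."""
import secrets
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
ET.register_namespace("saml", SAML_NS)

# Hypothetical policy: action -> {attribute name -> set of acceptable values}.
# Every listed attribute must match at least one value; unknown actions deny.
POLICY = {
    "read-ledger": {"urn:example:group": {"finance"}},
    "export-ledger": {
        "urn:example:group": {"finance"},
        "urn:example:clearance": {"confidential"},
    },
}

# Hypothetical "authorization server" store for the by-reference variant.
ASSERTION_STORE = {}


def _q(tag):
    """Clark-notation name for an element in the SAML assertion namespace."""
    return f"{{{SAML_NS}}}{tag}"


def build_attribute_assertion(issuer, attributes):
    """Return an unsigned SAML 2.0 Assertion whose Subject is a fresh transient
    NameID and whose only statement is an AttributeStatement."""
    assertion = ET.Element(_q("Assertion"),
                           {"Version": "2.0", "ID": "_" + secrets.token_hex(16)})
    ET.SubElement(assertion, _q("Issuer")).text = issuer
    subject = ET.SubElement(assertion, _q("Subject"))
    name_id = ET.SubElement(subject, _q("NameID"), {"Format": NAMEID_TRANSIENT})
    name_id.text = "_" + secrets.token_hex(16)  # pseudonym, not a user name
    stmt = ET.SubElement(assertion, _q("AttributeStatement"))
    for name, values in attributes.items():
        attr = ET.SubElement(stmt, _q("Attribute"), {"Name": name})
        for value in values:
            ET.SubElement(attr, _q("AttributeValue")).text = value
    return ET.tostring(assertion, encoding="unicode")


def parse_attribute_bag(xml_text):
    """Extract (NameID format, {attribute -> set of values}) from an assertion.
    ElementTree is used for brevity; untrusted XML belongs in a hardened parser,
    and the signature must be verified before any of this is trusted."""
    root = ET.fromstring(xml_text)
    name_id = root.find(f"./{_q('Subject')}/{_q('NameID')}")
    bag = {}
    for attr in root.iterfind(f"./{_q('AttributeStatement')}/{_q('Attribute')}"):
        values = bag.setdefault(attr.get("Name"), set())
        values.update(v.text or "" for v in attr.iterfind(_q("AttributeValue")))
    return (name_id.get("Format") if name_id is not None else None), bag


def authorize(bag, policy, action):
    """Deny-by-default decision made from the attribute bag only."""
    required = policy.get(action)
    if required is None:
        return False
    return all(bag.get(name, set()) & allowed for name, allowed in required.items())


def publish(xml_text):
    """By-reference variant: keep the assertion on the authZ server and hand
    out only an opaque, unguessable handle."""
    handle = secrets.token_urlsafe(20)
    ASSERTION_STORE[handle] = xml_text
    return handle


def resolve(handle):
    """One-shot resolution: a handle can be redeemed exactly once."""
    return ASSERTION_STORE.pop(handle, None)


def demo():
    """Run both delivery paths and return the decisions, keyed by action."""
    attributes = {  # constructed sample: only what a ledger app needs to decide
        "urn:example:group": ["finance", "staff"],
        "urn:example:clearance": ["internal"],
    }
    in_band = build_attribute_assertion("https://idp.example.org", attributes)
    fmt, bag = parse_attribute_bag(in_band)
    handle = publish(in_band)
    _, bag_by_ref = parse_attribute_bag(resolve(handle))
    assert bag == bag_by_ref and fmt == NAMEID_TRANSIENT
    return {action: authorize(bag, POLICY, action)
            for action in ("read-ledger", "export-ledger", "delete-ledger")}


if __name__ == "__main__":
    print(demo())
```

Two design points worth noticing: the relying party never sees a name or employee id, only a transient NameID and the attributes the policy actually consults, which is what makes the pseudonymity requirement concrete; and `authorize` denies anything the policy does not list, so adding a new action to an application does not silently grant it to every authenticated subject.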