Table 1. Interpretation of CSIv2 requests

Connection | Transport | CA          | IA        | Invocation | Carol's
Method     | Principal |             | Principal | Principal  | Interpretation
-----------+-----------+-------------+-----------+------------+--------------------------------------
TCP/IP     | Default   | None        | None      | Default    | Default says r
TCP/IP     | Default   | (Clyde, PW) | None      | Clyde      | Default says Clyde says r
SSL        | Tony      | None        | None      | Tony       | Tony says r
SSL        | Tony      | (Clyde, PW) | None      | Clyde      | Tony says Clyde says r
TCP/IP     | Default   | None        | Alice     | Alice      | Default says Alice says r
TCP/IP     | Default   | (Clyde, PW) | Alice     | Alice      | Default says Clyde says Alice says r
SSL        | Tony      | None        | Alice     | Alice      | Tony says Alice says r
SSL        | Tony      | (Clyde, PW) | Alice     | Alice      | Tony says Clyde says Alice says r
TCP/IP     | Default   | None        | Anon      | Anon       | Default says Anon says r
TCP/IP     | Default   | (Clyde, PW) | Anon      | Anon       | Default says Clyde says Anon says r
SSL        | Tony      | None        | Anon      | Anon       | Tony says Anon says r
SSL        | Tony      | (Clyde, PW) | Anon      | Anon       | Tony says Clyde says Anon says r
The CSIv2 authors have not yet standardized the interpretation of the information contained in the SA component, and thus we focus our attention on the CA and IA components for now. In total, there are six possible pairs ⟨CA, IA⟩ to consider. The CA component may either be empty (in which case no principal is associated with CA) or contain a userid/password pair (in which case the principal Clyde is associated with CA). There are three possibilities for the IA component: it may be empty, or it may contain an identity token for a particular principal Alice or for the Anonymous principal.
When the target provider Carol receives a request r with an associated SAS data structure, she always interprets it relative to the same ordering on principals: the transport principal (either Default or Tony) first, followed by (if present) the principal associated with CA (Clyde), followed by (if present) the principal associated with IA (Alice or Anon). Thus, if an SSL request r identifies Clyde as the CA principal and Alice as the IA principal, then Carol interprets this request as

    Tony says (Clyde says (Alice says r)),

and she considers Alice to be the invocation principal (i.e., client). In contrast, a TCP/IP request r that identifies Clyde as the CA principal and contains no IA component is interpreted as

    Default says (Clyde says r),

and Clyde is the invocation principal. Table 1 enumerates the twelve cases for requests that are made in association with the SAS data structure.
The fourth case in the table - and the associated statement Tony says Clyde says r - can be used to describe a situation in which a bank customer (here, Clyde) connects with a web server to perform an online-banking operation. The web server passes on Clyde's username, password, and request r to an online banking server (Carol) over SSL; because the request is transmitted over SSL, Carol authenticates the web server as Tony, rather than identifying the web server as Default. The CSIv2 protocol specifies how the information is to be interpreted by the target principal.
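The interpretation rule described above (transport principal first, then the CA principal if present, then the IA principal if present, with the innermost speaker taken as the invocation principal) is mechanical enough to write down as code. The following Python is an added example, not code from the paper or from any CSIv2 implementation: it models a request by the three fields that matter for Table 1, derives Carol's "says" statement and the invocation principal from them, and enumerates the twelve cases. The names SASRequest, interpret and enumerate_cases, and the use of the userid "Clyde" from the (Clyde, PW) pair, are assumptions made for the example; the principal names and the fixed transport-principal mapping (TCP/IP to Default, SSL to Tony) come from the text.

```python
from dataclasses import dataclass
from itertools import product
from typing import List, Optional, Tuple

# The transport principal is fixed by the connection method (from the text):
# a plain TCP/IP connection is attributed to the generic principal Default,
# an SSL connection to the authenticated server Tony.
TRANSPORT_PRINCIPAL = {"TCP/IP": "Default", "SSL": "Tony"}


@dataclass(frozen=True)
class SASRequest:
    """Hypothetical model of a request r plus the SAS fields Carol interprets.

    transport: connection method, "TCP/IP" or "SSL"
    ca:        client-authentication token: None, or a (userid, password) pair
    ia:        identity-assertion token: None, a named principal, or "Anon"
    """
    transport: str
    ca: Optional[Tuple[str, str]] = None
    ia: Optional[str] = None


def interpret(req: SASRequest, r: str = "r") -> Tuple[str, str]:
    """Return (Carol's interpretation, invocation principal) for a request.

    Carol always orders principals the same way: transport principal first,
    then the CA principal if present, then the IA principal if present.
    "says" associates to the right, so the flat string returned here, e.g.
    "Tony says Clyde says Alice says r", reads as
    Tony says (Clyde says (Alice says r)). The innermost speaker is the
    invocation principal (the client on whose behalf r is being made).
    """
    chain: List[str] = [TRANSPORT_PRINCIPAL[req.transport]]
    if req.ca is not None:
        userid, _password = req.ca       # the password is checked, not named
        chain.append(userid)
    if req.ia is not None:
        chain.append(req.ia)
    statement = " says ".join(chain) + f" says {r}"
    return statement, chain[-1]


def enumerate_cases() -> List[Tuple[str, Optional[Tuple[str, str]], Optional[str], str, str]]:
    """Generate the twelve (transport, CA, IA) combinations in Table 1 order.

    Table 1 varies IA slowest (None, Alice, Anon), then the connection
    method, then CA; product() with the same nesting reproduces that order.
    Each row is (connection, CA, IA, invocation principal, interpretation).
    """
    rows = []
    for ia, transport, ca in product([None, "Alice", "Anon"],
                                     ["TCP/IP", "SSL"],
                                     [None, ("Clyde", "PW")]):
        statement, invoker = interpret(SASRequest(transport, ca, ia))
        rows.append((transport, ca, ia, invoker, statement))
    return rows


if __name__ == "__main__":
    for transport, ca, ia, invoker, statement in enumerate_cases():
        ca_text = "None" if ca is None else f"({ca[0]}, {ca[1]})"
        print(f"{transport:7} {ca_text:12} {str(ia):6} {invoker:8} {statement}")
```

The value of keeping the full chain rather than only the invocation principal is that Carol's authorization decision can see who vouched for whom: in the bank example, Alice or Clyde reach Carol only through Tony's assertion, and the statement records exactly that dependency.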