Databases Reference
In-Depth Information
Fig. 1.
Example trust negotiation
owns the pharmacist credential.
Alice is now willing to send her prescription to Bob. She sends that
along with proof that the prescription was issued by a doctor within
the country, in the form of a credential signed by a national agency
that attests that her doctor is licensed to practice medicine. Her doc-
tor should have given her this credential the first time she asked for a
digital prescription; if he did not, she can query him now (credential
discovery) to obtain it.
Bob verifies the signature on the doctor's license certificate, and then
verifies that the prescription was signed by the doctor mentioned in
the license certificate. He also follows a short protocol that allows
Alice to prove that she is the patient mentioned in the credential.
Afterwards, Bob's policy has been satisfied, so he allows Alice to pur-
chase the medication.
Under traditional identity-based authorization, Alice and her doctor would
have to follow lengthy out-of-band procedures to establish the same level of
trust with the pharmacy web site. Both would have to set up accounts before-
hand at the pharmacy web site, and Bob would need to see paper credentials
to ensure that Alice's doctor really is a doctor. So that Bob can know that
the prescription really is for Alice, she will have to give her pharmacy account
number to her doctor so that the doctor can mention it in the prescription.
Further, the doctor must submit the prescription directly to the site, so that
Bob knows that the doctor really did create it. In addition to the hassle of
