Hi Carl, I'd avoid "relationship management" only in that the industry uses CRM (Customer Relationship Management) to refer to a whole panoply of "solutions"...
Tony Bartoletti
azb@...
Jun 5, 2001 1:14 am
935
I find "trust management" to be a more specific description of SPKI than "relationship management". And the goals of SPKI are not too far off from what other...
Jan Pachl
pachl@...
Jun 5, 2001 1:52 am
936
I like "risk management" or "liability management" or (more positively) "credential" or "credit" management. <RANT> The trouble with "trust" is that it's used...
Martin Smith
mfsmith@...
Jun 5, 2001 2:51 am
937
... I paper I recently read (whose author I can't remember, and my books are packed away at the moment) pointed out that in most cases where the term "trust"...
Peter Gutmann
pgut001@...
Jun 5, 2001 2:40 pm
938
If the goal is to describe concisely what "SPKI" supports, perhaps Authorization Management Infrastructure would be ... amiable. :) ___tony___ ... Tony...
Tony Bartoletti
azb@...
Jun 5, 2001 6:55 pm
939
... I've always thought of them as AuthCerts. Or perhaps part of an Authorization Management System (AMS). Cheers - Bill ... Bill Frantz | The...
Bill Frantz
frantz@...
Jun 5, 2001 7:23 pm
940
... I like that. I was thinking about Authentication Management, earlier, and, before that, Access Management... Cheers, RAH -- ... R. A. Hettinga <mailto:...
R. A. Hettinga
rah@...
Jun 6, 2001 12:30 am
941
I also considered "Attribution Management", but felt that authorization was the core SPKI "coin of the realm". Access is close as well (and is easier to...
Tony Bartoletti
azb@...
Jun 6, 2001 1:36 am
942
Hello, we call our system implementing security management functionality based on digital signed data Certificate Management System. There is one big module of...
Zoltán Nochta
Zoltan.Nochta@...
Jun 6, 2001 8:51 am
943
I am curious, how do people here define PKI? There has been a lot of criticism of PKIs so I understand the concern that SPKI is affected by this. But PKI is...
hal@...
Jun 6, 2001 5:24 pm
944
... I think what's being referred to in most cases when the term PKI is used isn't any kind of infrastructure but a utopia in which all security problems are ...
Peter Gutmann
pgut001@...
Jun 6, 2001 5:42 pm
945
... Hash: SHA1 ... I like the term Trust Management, and liked it when [BFL] came up with it, but I have had a problem with the use of the word "Trust" for...
Carl Ellison
cme@...
Jun 7, 2001 11:52 am
946
... Hash: SHA1 ... Liability management is another good thing and I don't see enough written about it. I don't think we address it, however. ... Amen,...
Carl Ellison
cme@...
Jun 7, 2001 11:53 am
947
... Hash: SHA1 ... Peter, that's a great thought. When you remember what that paper is, can you send the pointer to the list? - Carl ... Version: PGP 6.5.2 ...
... Hash: SHA1 ... I like your definition of infrastructure, here. That's one that I use to describe my own activities. I especially like your use of...
Carl Ellison
cme@...
Jun 7, 2001 12:13 pm
951
... Hash: SHA1 ... Ah yes, Directory. This is X.500 in sheeps clothing. Or maybe the Devil, in some sweet disguise. I have a great sermon by a retired bishop...
Carl Ellison
cme@...
Jun 7, 2001 12:14 pm
952
Carl, Bob, and others, I too have become increasingly disappointed in the application of certificates to authentication and authorization. As Carl pointed out...
James A. Rome
jar@...
Jun 7, 2001 1:01 pm
953
... There's actually a variety of subclasses here, from my crypto tutorial: Types of trust Blind trust Sometimes the only option, eg emergencies Swift trust ...
Peter Gutmann
pgut001@...
Jun 7, 2001 3:03 pm
954
... Hash: SHA1 ... Actually, that third one might better be called "psychotic trust", now that I think about it. Isn't that someone's definition of a...
Carl Ellison
cme@...
Jun 7, 2001 3:57 pm
955
James, What is the cause of the disappointment? That DOE has not attempted to apply certificates to authorization, or that it has made a serious, thoughtful...
David P. Kemp
dpkemp@...
Jun 7, 2001 4:07 pm
956
Let's assume that I use out of band information. The problem is that I in the Collaborative Domain (CD) have certain policies that I want to enforce, and the...
James A. Rome
jar@...
Jun 7, 2001 5:12 pm
957
... This suggests that "Capability Management System" or Infrastructure is also an accurate description for that which SPKI supports. Perhaps this is why ...
Tony Bartoletti
azb@...
Jun 7, 2001 6:18 pm
958
... Peter may be thinking about a discussion on the E Language list. Some of the references are: ...
Bill Frantz
frantz@...
Jun 7, 2001 6:40 pm
959
... Hash: SHA1 Jim, this is a great discussion. As usual, Dave is almost 100% on the money. The one place I disagree with him is at the end of his message. I...
Carl Ellison
cme@...
Jun 8, 2001 12:57 am
960
Since I am in a non-defense lab, we do not do (much) classified work, and do not have secure computers with MAC. :-(( I have often longed for something like a...
James A. Rome
jar@...
Jun 8, 2001 1:24 pm
961
... Hash: SHA1 ... You're right, it's possible to put great enforcement into the programming language, if you have an interpreted language and it's designed...
Carl Ellison
cme@...
Jun 8, 2001 2:22 pm
962
... [snip] ... I do agree. The point was whether "to trust" = "to rely upon". It tends to be so in the hypothetical, but although you might not trust that...
Tony Bartoletti
azb@...
Jun 8, 2001 6:08 pm
963
... [...] ... [...] ... i guess we could choose to either 1) continue debating and try to reach a closed-group consensus on the definitions of these...
