Loading ...
Sorry, an error occurred while loading the content.

Re: [decentralization] "Single Sign-On" in Plan 9 4e

Expand Messages
  • Lucas Gonze
    ... Points that struck me: * emphasis on usability as a factor in security * factoring out authentication code from _all_ user programs * a simplified
    Message 1 of 2 , Apr 30, 2002
    • 0 Attachment
      > Of possible interest to the list: the Bell Labs guys just released the
      > 4th Edition of Plan 9. One of the most significant changes is an
      > entirely new security architecture; it revolves around the notion of a
      > per-user "factotum," a trusted software agent who holds and manages keys
      > and authentication protocols on behalf of a "user" or other principal.
      > The net effect of this is a kind of single sign-on across multiple
      > services and security domains.
      >
      > http://plan9.bell-labs.com/sys/doc/auth.html
      >
      >
      > Ciao,
      >
      > jb

      Points that struck me:
      * emphasis on usability as a factor in security
      * factoring out authentication code from _all_ user programs
      * a simplified capabilities approach
      * no "root" account. The nearest analog is less powerful than that.

      The possibility of compromised user programs fooling the factotum into
      authenticating them seems like a big vulverability.

      Another weak part is that centralizing security in the factotum creates a
      tempting target.

      I really like the idea of having dedicated security modules in order to
      allow complex security code to be factored into a single module.

      In a way the new Plan 9 approach reminds of Magi's use of X.509 vs.
      Groove-style webs of trust. I wonder if there is a general principle that
      decentralized security just doesn't work? Don't know.

      - Lucas
    Your message has been successfully submitted and would be delivered to recipients shortly.