Re: [decentralization] "Single Sign-On" in Plan 9 4e
> Of possible interest to the list: the Bell Labs guys just released the
> 4th Edition of Plan 9. One of the most significant changes is an
> entirely new security architecture; it revolves around the notion of a
> per-user "factotum," a trusted software agent who holds and manages keys
> and authentication protocols on behalf of a "user" or other principal.
> The net effect of this is a kind of single sign-on across multiple
> services and security domains.
Points that struck me:
* emphasis on usability as a factor in security
* factoring out authentication code from _all_ user programs
* a simplified capabilities approach
* no "root" account. The nearest analog is less powerful than that.
The possibility of compromised user programs fooling the factotum into
authenticating them seems like a big vulnerability.
Another weak part is that centralizing security in the factotum creates a
I really like the idea of having dedicated security modules in order to
allow complex security code to be factored into a single module.
In a way the new Plan 9 approach reminds me of Magi's use of X.509 vs.
Groove-style webs of trust. I wonder if there is a general principle that
decentralized security just doesn't work? Don't know.