Gic Chic: Who are you?

Technology is my life. Or, at least, my livelihood.

I like to think of myself as somewhat competent. I like to believe that what I think about technology matters. This forum provides the opportunity to voice my thoughts in a less formal way that just may, nonetheless, prove valuable to those in the know.

At least this way I can believe it so, regardless.

Gic Chic

Wednesday, June 09, 2004

Who are you?
As previously mentioned, the concept of trust is inextricably dependent on the concept of identity. If the statement concerning the probabilistic nature of authentication is accurate, how can we ever hope to move past it to the more valuable concept of trust?

Authentication mechanisms are often described along a number of perspectives. The first perspective is upon what basis the authentication is claimed. It is traditionally accepted that the valid bases are what a claimant knows, (knowledge), what a claimant has, (possession), and what a claimant is, (being). Generally, the more of these that can be authenticated, the higher the level of confidence we place in the claimed identity. There are two other perspectives that are less often acknowledged, but that have significant impact on the ability to authenticate a claimed identity.

The first is the channel across which the authentication occurs. For example, confirming that a person knows a password both by requesting that they enter it into a computer, and then speak it into a voice recognition system via telephone greatly improves authentication, even ignoring the possibility that the voice recognition system could also serve as a basis for authenticating “being”.

The second is the possessor of the authentication claim. There is no requirement that the claimant and validator are the only participants in the process of authentication-other participants could be used to provide indirect evidence of the claim. For example, a coworker could be called by a validator to verify that the claimant was indeed at their specified location and attempting to make a claim to the validator.

This hierarchical authentication could continue an arbitrary number of levels as required to satisfy the level of authentication required. Collectively, these three vectors form a space in which a mathematical model can be applied that determines a quantifiable “trust” of the identity via the collection of authentication mechanisms.

Hmm. It seems the word “trust” has slipped into the concept of authentication. Now that we have created a tangled hierarchy, it just might be interesting to see how far down this spiral we can go….
- posted by Terry Cowart @ 4:22 AM

Comments: Post a Comment

<< Home

About Me