Anonymous Authentication (Transcript of Discussion)

  • Bruce Christianson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3957)


I’m going to start with the point which Dieter finished with yesterday, that Kerberos was originally intended to have three heads. The first was supposed to be an authentication mechanism, next there was supposed to be an authorisation or access control stage, and then there was supposed to be accounting, auditing and that kind of thing. My perception is that we did the first one, and we were half-way through doing the second one when public key cryptography came along. Then we all disappeared down a rabbit hole for twenty years, and we’ve just emerged now. The effect of public key was that we went back and did authentication again, but we never re-did authorisation, or did audit at all. Traditionally the authentication that’s associated with access control is a strong authentication, and it’s linked directly to the authorisation mechanism. The link between access and audit is indirect, and they’re linked via the identity that was used to do the authentication. There’s something not quite right about this. Even if (partial) anonymity isn’t a requirement, when you sit back and look at it dispassionately, it’s not the right way to do it. The fact that this isn’t quite right has some implications for system infrastructure that I want to raise.


Access Control Trust Management Access Control Policy Authentication Server Audit Trail 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Bruce Christianson
    • 1
  1. 1.University of HertfordshireUK

Personalised recommendations