Skip to main content
SpringerLink
Log in

Anonymous Authentication (Transcript of Discussion)

  • Conference paper
Security Protocols (Security Protocols 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3957))

Included in the following conference series:

  • 405 Accesses

Abstract

I’m going to start with the point which Dieter finished with yesterday, that Kerberos was originally intended to have three heads. The first was supposed to be an authentication mechanism, next there was supposed to be an authorisation or access control stage, and then there was supposed to be accounting, auditing and that kind of thing. My perception is that we did the first one, and we were half-way through doing the second one when public key cryptography came along. Then we all disappeared down a rabbit hole for twenty years, and we’ve just emerged now. The effect of public key was that we went back and did authentication again, but we never re-did authorisation, or did audit at all. Traditionally the authentication that’s associated with access control is a strong authentication, and it’s linked directly to the authorisation mechanism. The link between access and audit is indirect, and they’re linked via the identity that was used to do the authentication. There’s something not quite right about this. Even if (partial) anonymity isn’t a requirement, when you sit back and look at it dispassionately, it’s not the right way to do it. The fact that this isn’t quite right has some implications for system infrastructure that I want to raise.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Author information

Authors and Affiliations

  1. University of Hertfordshire, UK

    Bruce Christianson

Authors
  1. Bruce Christianson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, University of Hertfordshire, UK

    Bruce Christianson

  2. Computer Systems Group, Vrije Universiteit, Amsterdam, The Netherlands

    Bruno Crispo

  3. Georgia Institute of Technology, Atlanta, GA, USA

    James A. Malcolm

  4. Microsoft Research, Cambridge, UK

    Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Christianson, B. (2006). Anonymous Authentication (Transcript of Discussion). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2004. Lecture Notes in Computer Science, vol 3957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11861386_37

Download citation

  • DOI: https://doi.org/10.1007/11861386_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40925-0

  • Online ISBN: 978-3-540-40926-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation