Wednesday, March 07, 2007
Kim's on a streak
Now Kim's in a snit ("Dave Kearns, who is usually not without wisdom...") about my post from yesterday calling into question his statement that “No one and no service should ever act in a peron’s [sic] identity or employ their credentials when they’re not present. Ever.”
Why? Because, he continues:
The reality is, of course, that any trojan that can forge my delegated credentials can do the same. It matters not if the service (my "inbox" in this example) is acting AS me or ON BEHALF of me - the damage is the same. And, more importantly, I'm just as responsible. There is no difference.
Continuing the reality, my inbox - and Kim's inbox - continually masquerades as me (or, in his case, as Kim) in contacting the mail server(s). It doesn't present a token of delegation, it presents my credentials. If Kim is using a non-Microsoft inbox which works in some different way, he should reveal that.
The second example I gave, though, would stop working should a "delegation token" be substituted for the job server's ability to login as me. In addition to the authorizations associated with my account that it needs in order to operate, it also needs the personalization information - those attribute-value pairs associated with my identity - in order to find the necessary files (both source and target) to complete the compile. Without that it simply doesn't work - or else requires that information be replicated in multiple places - something that should never be necessary in a well thought out identity scheme.
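To make the two models being argued over concrete, the following is an added illustration written for this page; it is not code from the post, from Kim, or from any product either of them uses. It contrasts a job server that logs in with the user's own credentials (acting AS the user) against one that presents a signed delegation token (acting ON BEHALF OF the user). The token format, the user directory, the passwords, the file paths and the signing key are all constructed for the example, and the token is assumed to be able to carry the attribute-value pairs (source and build roots) the compile job needs, which is exactly the requirement the compile example puts on any delegation scheme. The audit log is what differs: the credential path records only the user, while the token path records both the actor and the subject it acted for, and the delegated scope can be narrower than the account's full authorizations.

```python
import hashlib
import hmac
import json
import time

# Constructed signing key for the token issuer; not a real secret.
ISSUER_KEY = b"constructed-issuer-key"

# Constructed user record: the account's authorizations plus the
# personalization attribute-value pairs a compile job needs to find its files.
USER_DIRECTORY = {
    "dave": {
        "password": "constructed-password",
        "roles": {"compile", "read-source", "write-build", "admin"},
        "attributes": {"src_root": "/home/dave/src",
                       "build_root": "/home/dave/build"},
    }
}

# What the compile job actually needs; anything beyond this is excess privilege.
COMPILE_SCOPE = {"compile", "read-source", "write-build"}

AUDIT_LOG = []


def issue_delegation_token(subject, actor, scope, attributes, ttl=3600, now=None):
    """Mint a token stating that `actor` may act ON BEHALF OF `subject`
    for the listed scope, carrying the attributes the task needs.
    Hypothetical format: a JSON claims set with an HMAC-SHA256 signature."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "act": actor, "scope": sorted(scope),
              "attrs": dict(attributes), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": claims, "sig": sig}


def verify_delegation_token(token, now=None):
    """Check signature and expiry; return the claims or raise PermissionError."""
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        raise PermissionError("bad signature")
    if (time.time() if now is None else now) >= token["claims"]["exp"]:
        raise PermissionError("token expired")
    return token["claims"]


def is_valid_token(token, now=None):
    """Boolean wrapper around verify_delegation_token for callers that prefer it."""
    try:
        verify_delegation_token(token, now)
        return True
    except PermissionError:
        return False


def run_compile_as_user(username, password):
    """Impersonation: the job server logs in with the user's own credentials.
    It receives every role the account has, and the audit entry names only
    the user; nothing records that a job server was the real caller."""
    rec = USER_DIRECTORY.get(username)
    if rec is None or rec["password"] != password:
        raise PermissionError("login failed")
    AUDIT_LOG.append({"principal": username, "on_behalf_of": None,
                      "action": "compile", "granted": sorted(rec["roles"])})
    return rec["attributes"]["src_root"], rec["attributes"]["build_root"]


def run_compile_with_token(token, now=None):
    """Delegation: the job server presents a token naming itself as actor.
    Only the delegated scope is granted, the attributes travel inside the
    token, and the audit entry records both actor and subject."""
    claims = verify_delegation_token(token, now)
    if not COMPILE_SCOPE <= set(claims["scope"]):
        raise PermissionError("scope insufficient")
    AUDIT_LOG.append({"principal": claims["act"], "on_behalf_of": claims["sub"],
                      "action": "compile", "granted": sorted(claims["scope"])})
    return claims["attrs"]["src_root"], claims["attrs"]["build_root"]


if __name__ == "__main__":
    print(run_compile_as_user("dave", "constructed-password"))
    tok = issue_delegation_token("dave", "jobserver", COMPILE_SCOPE,
                                 USER_DIRECTORY["dave"]["attributes"])
    print(run_compile_with_token(tok))
    for entry in AUDIT_LOG:
        print(entry)
```

Both calls return the same source and build roots, so the compile can locate its files either way; the difference shows up in the `granted` list (the token omits the account's `admin` role) and in the `on_behalf_of` field, which is only populated on the delegation path. A token whose claims are altered after issue fails the signature check, and an expired token is refused, which is the "auditable" half of auditable delegation.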
While auditable delegation should be encouraged it is still not the best answer for all situations. Absolutist generalizations should play no part in an informed discussion. (he generalizes absolutely :)
© 2003-2006 The Virtual Quill, All Rights Reserved