Identity vs Authorization vs Trust: I am not knowledgeable in this area, but it seems to me there are different concerns one might have, such as:
1. Identity: This person claims to be Jane Smith. Is that true? 2. Authorization: This person is authorized to log in to this account or buy beer or whatever. Is that true? 3. Trust: This person says X is true. Can we trust what this person says to be true? Either in the sense that the person is not knowingly lying or in the stronger sense that the person also has the knowledge or experience to be able to make the claim. What strategies are helpful when the person's real name is not available (but just a screen name or something)? All of these questions are interesting, but I find the third question, on Trust, particularly interesting at present. Best regards, Melissa ----- Dr. Melissa Rice, PhD Full Moon Technical Solutions, LLC 14202 60th Ave, NW Stanwood, WA 98292-4808 email: mailto:[email protected] phone: 360-654-0709 cell: 425-923-7713 Saturday, May 21, 2011, 5:03:14 PM, Kevin LaTona <[email protected]> wrote: KL> Hi Melissa, KL> That is how I look at OAuth. KL> I just spent a few days working on some code to work with AWS S3. KL> Which basically does a simple PUT request using a HMAC SHA signature. KL> This way AWS trust the request is coming in from who they think it is KL> at lets it in. KL> While working on this I started to notice my development server was KL> getting hit on from far off lands. KL> Woke me back up that yes, any open port is a door that some one is KL> going to try and knock on. KL> Regardless if if there might not be anything there for them. KL> So the topic idea of security is still pretty broad and It could make KL> a good meeting. KL> If we all can narrow it down to what the group might be most KL> interested in and who else might be able to talk about it. KL> -Kevin KL> On May 21, 2011, at 4:29 PM, Melissa Rice wrote: >> KL> Is there any interest from the group to do a meeting on security? >> Sounds interesting, but I would also be interested in the related >> issue of trust. >> Best regards, >> Melissa >> ----- >> Dr. Melissa Rice, PhD >> Full Moon Technical Solutions, LLC >> 14202 60th Ave, NW >> Stanwood, WA 98292-4808 >> email: mailto:[email protected] >> phone: 360-654-0709 >> cell: 425-923-7713 >> Saturday, May 21, 2011, 4:13:07 PM, Kevin LaTona >> <[email protected]> wrote: >> KL> Hi All, >> KL> Is there any interest from the group to do a meeting on security? >> KL> I have a friend who works for AT+T on security issues around >> OAuth but >> KL> he does not do Python. >> KL> Do we have anybody on the list that is into security in general >> and >> KL> could also talk at such a meeting? >> KL> -Kevin
