Summary

This paper discusses the design, implementation, and performance of a new system for access control on the web. The author first reviews the previous work, passwords and Kerberos, and the pros and cons of each. The known problem with both passwords and Kerberos is that they lack interoperability, so the author proposes a new approach. The system is based on the idea of PCA (proof-carrying authorization): the user collects the proofs, and AF logic is used to check proofs from all clients, regardless of the method used to generate a proof or the proof's structure. PCA therefore satisfies the goal of interoperability. The author also discusses other aspects: ease of implementation, efficiency, and convenience to the user. An example is given in the paper to help us understand how it works. Finally, two optimization techniques are discussed: speculative proving and caching.
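As an added illustration of the PCA idea (toy code written for this review, not the paper's AF logic or its implementation): the client gathers certificates and assembles the proof itself, and the server only checks each proof step against a fixed delegation rule. The principal names, the HMAC tags standing in for signed certificates, and the two-level delegation chain are all constructed for this example.

```python
import hmac, hashlib, json
# Constructed keys: HMAC tags stand in for signed certificates here (assumption
# of this toy; a real system would use public-key signatures).
KEYS = {"server": b"k-server", "dept": b"k-dept", "admin": b"k-admin"}

def sign(principal, stmt):
    """Principal issues the certificate 'principal says stmt'."""
    tag = hmac.new(KEYS[principal], json.dumps(stmt).encode(), hashlib.sha256)
    return {"issuer": principal, "stmt": stmt, "sig": tag.hexdigest()}
def check_proof(goal, certs, steps):
    """Server side: verify a client-built proof of `goal`. A step is
    (conclusion, rule, premise_indices) with conclusion ("says", P, stmt).
    Rules: "cert" admits a certificate whose tag verifies; "delegate" applies
    A says (B speaksfor A), B says S  =>  A says S."""
    proved = []
    try:
        for concl, rule, prem in steps:
            if rule == "cert":
                c = certs[prem[0]]
                if not hmac.compare_digest(c["sig"], sign(c["issuer"], c["stmt"])["sig"]):
                    return False
                ok = concl == ("says", c["issuer"], c["stmt"])
            elif rule == "delegate":
                deleg, said = proved[prem[0]], proved[prem[1]]
                a, b = deleg[1], said[1]
                ok = deleg[2] == ("speaksfor", b, a) and concl == ("says", a, said[2])
            else:
                ok = False
            if not ok:
                return False
            proved.append(concl)
    except (IndexError, KeyError, TypeError):
        return False
    return bool(proved) and proved[-1] == goal

def demo():
    # Two-level delegation: server trusts dept, dept trusts admin, admin grants alice.
    stmt = ("may-read", "alice", "/secret/report")
    goal = ("says", "server", stmt)
    certs = [sign("server", ("speaksfor", "dept", "server")),
             sign("dept", ("speaksfor", "admin", "dept")),
             sign("admin", stmt)]
    steps = [(("says", "server", certs[0]["stmt"]), "cert", [0]),
             (("says", "dept", certs[1]["stmt"]), "cert", [1]),
             (("says", "admin", stmt), "cert", [2]),
             (("says", "dept", stmt), "delegate", [1, 2]),
             (goal, "delegate", [0, 3])]
    tampered = certs[:2] + [dict(certs[2], sig="00" * 32)]  # forged admin cert
    return check_proof(goal, certs, steps), check_proof(goal, tampered, steps)
```

The server never searches for a proof; it only checks the one the client hands it, which is what makes the checker independent of how the client found the proof.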

Pros: 1) This approach is more intuitive; it is similar to a scenario in the real world. Suppose that you want to access some secret file in office 123. You are required to show a pass to enter the building, and then you are required to show another pass to enter office 123.

2) It is more secure than some traditional password-checking methods. You are given more information only after you have successfully passed the initial checks.

3) The idea is refreshing after reading a lot of papers on Kerberos, password checking, and so on.

Cons: 1) The size of the proof required could increase exponentially, so scalability is a big problem.

2) The algorithm is not explained very clearly. For example, some of the notation in the logic is not well explained, and it is not clear which assumption will be discarded before the proof process is retried.

3) PCA cannot be used to deal with complex security policies. Imagine how many proofs you have to fetch if the security policies are complex!

4) There are still a lot of challenges and problems for this kind of system. Whether or not it is an applicable solution is still not clear.

Voting result:

Strong accept: 2

Accept: 7

Reject: 0

Strong reject: 0