ietf-mxcomp

RE: terminology: authentication / authorization

2004-07-08 14:29:28

On Thu, Jul 08, 2004 at 10:23:48AM -0700, Hallam-Baker, Phillip wrote:
| 
| Yes, and the MARId group continue to insist on calling a record that
| contains an authentication credential an authorization record. But
| this does not actually matter much, it just leads to fuzzy thinking.

Perhaps it depends on point of view.

From the sender's point of view, the record authorizes MTAs
to use the sender's name.

From the receiver's point of view, the record authenticates
MTAs as being permitted by the sender.

No, from the sender's point of view the record enables the MTA
to properly authenticate itself to third parties.

From the receiver's point of view it enables a legitimate MTA
to be properly authenticated.

I think that the fact that your interpretation is context sensitive
and mine is not indicates that I have the correct definition.
The record is simply an authentication credential.

Whether the receiver then wants to authorize further
delivery is a policy matter dependent on reputation which
depends on (you guessed it) accreditation.

The receiver decides whether the transaction is permitted or
not; this is the authorization step. It is the only place
where a machine is executing a conditional instruction, ergo
it is the only authorization step according to the standard
terminology.


