spf-discuss

Re: Authentication, Accreditation, and Reputation

2004-08-14 15:20:35
On Sat, Aug 14, 2004 at 06:10:14PM -0400, John Glube wrote:
> Mark,
>
> I appreciate your comments.
>
> Okay, let's just go back to the 'big' picture for the
> moment and let me put forward the following for discussion:
>
> Reputation is the measure of an identity's behavior. It can
> be based on observations concerning the identity's past
> behavior.
>
> Here the question is does the identity send ham or spam?
>
> I suggest it can also be based on an agreement by the
> identity to comply with a set of standards concerning how
> it will behave, with rewards given and punishments received
> for failing to comply with the set of standards.

Basing a reputation on an agreement to preclude certain future behavior
is folly.  Reputation is earned through past behavior.  What you're
describing is trust, which may be based on reputation and/or a number of
other factors.  In your specific description above, that trust would
include not only reputation, but the reputation of and trust in the
enforcement mechanisms and agencies, as well as the trust in the
identity to modify its behavior in response to those enforcement
mechanisms being brought to bear.

Regardless of accreditation method, the stick is the enforcement.  Show
me an accreditation mechanism with a meaningful, punitive enforcement
mechanism, and I'll support it. (note:  this does not include "but
you'll have to buy a new cert!" enforcements).

-- 
Mark C. Langston            GOSSiP Project          Sr. Unix SysAdmin
mark(_at_)bitshift(_dot_)org   http://sufficiently-advanced.net   mark(_at_)seti(_dot_)org
Systems & Network Admin      Distributed               SETI Institute
http://bitshift.org       E-mail Reputation       http://www.seti.org