On Tue, Sep 21, 2004 at 05:12:57PM -0600, Steve Meyers wrote:
At our office building, our lazy building manager can't be bothered to
set up individual key cards to have access to their network rooms, etc.
A key card is just a key. Nothing more, nothing less. It is more easy
to change the lock (the card reader and its software) and therefore a
key card system is more flexible when keys are to be revoked or supplied.
There's nothing magic about keys. Anyone holding the key (and knowing
how + where to use it) can access the building.
As with any other key, you know nothing about who's holding it.
That's more like SPF. All you can tell is that the swipe was from a
certain company, you can't tell who.
All you know is that it was a certain card. That card may or may not
be giving you access. It may or may not be used by the rightful user.
Even if the card would imply some kind of authentication, that doesn't
mean it will give you access:
A) "We know you are john doe. You do not have access"
B) "We know you are john doe. You do have access"
C) "You are holding one of our keys. You do not have access"
D) "You are holding one of our keys. You do have access"
A and B: authenticated.
B and D: authorized.
D maybe implied, weak, authentication. "You are holding John's key so
we have sufficient trust to think you are John. For this room, that is
enough to authorize you to enter".
For A and B you'd need something else, such as a video camera, a keyboard
and voice recognition.
No, a fingerprint is not authentication. It is a key, somewhat hard to
separate from its rightful owner and keep fresh.
Alex
--
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If
you reply to me off-list, you'd better tell me you're doing so. If
you don't, and if I reply to the list, that's your problem, not mine.