[335] in Kerberos


Re: Terminology

daemon@TELECOM.MIT.EDU (steiner@ATHENA.MIT.EDU)
Mon Mar 14 18:45:38 1988

From: steiner@ATHENA.MIT.EDU
To: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of Mon, 14 Mar 88 17:12:13 -0500.

Thing #1 (ticket without authenticator) is like a T pass or a
museum card.  It says a certain person can use a certain service
for a certain period of time.

In practice, I can loan my museum card to my housemate, so in
order to make sure the museum card is being used by the right
person, the person's identity has to be verified.  In real life,
that could be done using a photo ID or a signature.  In Kerberos
it's done using Thing #2 (the authenticator).

Calling Thing #1 the ticket and Thing #2 the authenticator seems
okay, although as Steve says, usually real-life tickets can only
be used once.

The problem was that Thing #3 (authenticator + ticket) was also
called an "authenticator" in the code, which is bad.

I like Jerry's proposal of calling Thing #3 the same as what
you call Thing #1, when speaking loosely, but having a more
specific term when necessary.  I also like the idea of having
the specific term being an adjective in front of "ticket".  But
why "valid", why not "authenticated"?

(If you call Thing #3 a "validated ticket", then what's a
Thing #3 in which the identity in the authenticator and the
identity in the ticket don't match?  An "invalid validated ticket"?
Besides, the ticket in and of itself is a perfectly valid thing;
it's its use that's either valid or invalid.  A Thing #3 can only be
validated based on whether the authenticator and ticket match, like
getting a signed check validated in the grocery store.)

Either way, the problem of Thing #3 being referred to as an
"authenticator" in the code would still have to be fixed.  Modified
nouns don't work very well in code (e.g., "authtkt" or "valtkt");
a new noun would be nicer.  But there's no name for it in real life
either; what do you call combinations of airline ticket/passport,
or museum card/photo ID, or signed check/grocery ID?  "Credentials"
might work, but unfortunately, it's used for something else in the
Kerberos code (the ticket/session key tuple, I think).

Jennifer

P.S.  Why are we dealing with tickets at all?  In the real
      life analogies, the ticket carries authorization, and the
      ID gives authentication.  Whereas in Kerberos, all we're
      accomplishing with ticket+authenticator is authentication. ??
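
The three "Things" from the message, modelled as an added example (this is not code from the message or from the MIT Kerberos source; the names, keys and the HMAC-based "sealing" are constructed for illustration, and HMAC-SHA256 stands in for the encryption real Kerberos uses so the example runs with the standard library alone). It shows why Thing #3 has to be checked as a pair: the service accepts the ticket only inside its validity period, and accepts the authenticator only if its identity matches the identity in the ticket, which is the "loaned museum card" case being rejected.

```python
"""Toy model of ticket (Thing #1), authenticator (Thing #2) and the pair (Thing #3).

Ticket:        issued under the service's long-term key; names client, service,
               a validity window and a session key (constructed values).
Authenticator: built by the presenter under the session key; names the client
               and a timestamp.
Validation:    the service checks both, then checks that the two identities match.
Sealing uses HMAC-SHA256 (integrity only) instead of encryption, purely so the
example is self-contained; real Kerberos encrypts both objects.
"""
import hashlib
import hmac
import json


def seal(key: bytes, fields: dict) -> dict:
    """Bind a set of fields to a key (stand-in for encryption under that key)."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def unseal(key: bytes, sealed: dict) -> dict:
    """Reject anything not sealed under this key, then return its fields."""
    body = sealed["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        raise ValueError("seal does not verify")
    return json.loads(body)


def issue_ticket(service_key, client, service, session_key, now, lifetime):
    """Thing #1: 'a certain person can use a certain service for a certain period'."""
    return seal(service_key, {
        "client": client, "service": service,
        "session_key": session_key.hex(), "start": now, "end": now + lifetime,
    })


def make_authenticator(session_key, client, now):
    """Thing #2: the presenter's proof of identity, fresh for this use."""
    return seal(session_key, {"client": client, "timestamp": now})


def validate(service_key, service_name, ticket, authenticator, now, skew=300):
    """Service-side check of Thing #3; returns the verified client or raises."""
    t = unseal(service_key, ticket)  # only the KDC and this service know service_key
    if t["service"] != service_name:
        raise ValueError("ticket is for a different service")
    if not t["start"] <= now <= t["end"]:
        raise ValueError("ticket outside its validity period")
    session_key = bytes.fromhex(t["session_key"])
    a = unseal(session_key, authenticator)  # presenter must hold the session key
    if a["client"] != t["client"]:
        raise ValueError("authenticator identity does not match ticket")
    if abs(now - a["timestamp"]) > skew:
        raise ValueError("authenticator timestamp outside allowed skew")
    return t["client"]


def demo():
    """Run the cases from the message; constructed keys, names and times."""
    service_key = b"museum-long-term-key"      # constructed
    session_key = b"session-key-from-kdc"      # constructed
    now = 1_000_000
    ticket = issue_ticket(service_key, "jennifer", "museum", session_key, now, 8 * 3600)
    results = {}

    # 1. The card holder presents her own ticket with her own authenticator.
    auth = make_authenticator(session_key, "jennifer", now + 60)
    results["owner"] = validate(service_key, "museum", ticket, auth, now + 60)

    # 2. The housemate borrowed the card (and, in this toy, even the session key).
    auth = make_authenticator(session_key, "housemate", now + 60)
    try:
        validate(service_key, "museum", ticket, auth, now + 60)
    except ValueError as e:
        results["housemate"] = str(e)

    # 3. The ticket's period has run out.
    late = now + 9 * 3600
    auth = make_authenticator(session_key, "jennifer", late)
    try:
        validate(service_key, "museum", ticket, auth, late)
    except ValueError as e:
        results["expired"] = str(e)

    # 4. A ticket not sealed under the museum's key is not a ticket at all.
    forged = issue_ticket(b"not-the-museum-key", "jennifer", "museum", session_key, now, 3600)
    auth = make_authenticator(session_key, "jennifer", now + 60)
    try:
        validate(service_key, "museum", forged, auth, now + 60)
    except ValueError as e:
        results["forged"] = str(e)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {outcome}")
```

The ticket alone says nothing about who is presenting it, and the authenticator alone says nothing about what the presenter is allowed to use; only the matched pair means anything to the service, which is the reason the message wants a single noun for Thing #3.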
