
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"

And yet, despite all
those good properties, Internet scams thrive.
HTTPS, Authentication, and Digital Identity
The previous sections, "Cryptography: A Minimal Introduction"
and "HTTP and HTTPS: the King is Naked," describe common
problems and solutions that are applicable to all data communication
on the Internet, and specifically the ones originated from
a browser. Gaining insight into those topics is important for truly
understanding the issues related to security and distributed systems,
but it's just a prerequisite for dealing with the problems
related to identity management.

Of all the possible browser-originated transactions, we are interested
in the ones in which a user attempts to be recognized by a
service; in other words, we are interested in authentication. To
be consistent, given the distinction we made in the section
"Passwords: Ascent and Decline" between authentication and
blind credentials, we should probably relax the requirement and
say that we are interested in transactions in which the user (or
subject) transmits credentials to a service.

This is a point of key importance. In what we have seen of the
HTTP and HTTPS protocols so far, there is nothing that
addresses directly the problem of gathering, packaging, and
transmitting user credentials.

