Again, this is an important consideration
and will be explored at length later in the book.
Trust
The concept of trust is pivotal in the IT security literature, and it
can certainly elicit interesting philosophical digressions. In this
context we will be much more prosaic, and we will simply de-
?¬?ne trust as the willingness of a subject to believe the claims asserted
by a certain other subject.If Alice trusts Bob, any claim
Bob will make will be considered true by Alice. There??™s that
It is who asserts the
digital identity that
determines whether
you will believe the
claims in it
Identities can be
self-asserted
116 Hints Toward a Solution
little matter of making sure that Bob is really who he says he is
and verifying that the claims are actually coming from Bob; but
after that is taken care of, Alice will believe just about anything.
Technically, that is not strictly true because Alice??™s trust for Bob
may be bounded only to certain areas. However, for the purpose
of the explanations in this text, we can safely think in terms of
unbounded trust.
Verisign says, via a certi?¬?cate, that this website is
???contoso.com???? Your browser is happy. Your government says,
via a dif?¬?cult to fake ID card, that you are over 21.
Pages:
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207