Blog
Knol

The term privacy has at least two distinct connotations. First, the term is applied to the concept of freedom of action. Within the purview of United States law, the historic Roe versus Wade decision by the United States Supreme Court brought this concept of privacy into focus. Defined through the penumbra of more specifically stated rights within the Constitution of the United States, the right to privacy illuminated by this decision bears directly on the power of the individual to completely control certain aspects of personal interactions that they may engage in, devoid of any control by the state or other individuals. The right of a woman to terminate a pregnancy, specifically early in the pregnancy, is held to be inviolate. However, as the terminus of the gestation period approaches, the decision finds that there may be compelling state interests that would serve to limit the afore-mentioned right to privacy. Consequently, the result is a right with a fuzzy boundary.

A second aspect of the concept of privacy is control over the possession or dissemination of information. Within the provision of an environment for transactions, we tend to reference this latter definition more often. That is, privacy most often refers to the limitation of the details of a transaction, or even to the conduct of a transaction itself, to specific, denominated entities privy to the information. As we will discuss in significantly more detail in Chapter 6, this brings into perspective the actual ownership, and hence control of, information.

For the moment, we will focus on the idea that privacy implies a limitation on the visibility of information or processes involved in a transaction.

In the military, “Who are you?” can be a death or life question. This is why soldiers wear uniforms, also why they don’t completely trust uniforms and try to complement them with specific signals, or other means to make sure that the person really is whomever he or she claims to be, for example by providing a password.

By definition, transactions involve the participation of various entities. Some entities might be inanimate, and some might be humans. Transactions effected between two or more entities are constrained by specifications of policy that are directly linked to the identity of entities that participate in the transactions. For the moment, we will ascribe a definition to the term identity as being the unique differentiation of one entity from all others. If we are able to establish the identity of an entity from time to time and/or from place to place we say that we can authenticate the identity of the entity.

Knowing that the soldier is one of your own is usually not enough. Some are authorized to give orders, some to take them and a very few to ignore them. In the military, one way to signal authorization is by patching grades on the uniform. Some officers are authorized to transmit messages on the radio of a certain importance, and only them.

Once the identity of various entities involved in a transaction has been authenticated, another policy characteristic of a transaction that can then be effected is to allow various capabilities to be ascribed to the authenticated identity. This allowance of capability is termed authorization. The two most common processes required within any policy infrastructure are the authentication of identities and the authorization of capabilities to those authenticated identities.

We all know the game in which a chain of children pass a message to each other from one end of the chain to the other, to discover to their astonishment that the message is totally garbled as it reaches its destination. Avoiding this is the purpose of integrity techniques. For example, we can use two chains of children and compare the messages at the end, or ask each child to repeat the

Book available at Midori Press (regular)
Book available at Midori Press (signed)
Book available at Amazon (regular)