The term privacy has at least two distinct
connotations. First, the term is applied to the concept of freedom of action.
Within the purview of United States law, the historic Roe versus Wade
decision by the United States Supreme Court brought this concept of privacy
into focus. Defined through the penumbra of more specifically stated
rights within the Constitution of the United States, the right to privacy
illuminated by this decision bears directly on the power of the individual to
completely control certain aspects of personal interactions that they may
engage in, devoid of any control by the state or other individuals. The right
of a woman to terminate a pregnancy, specifically early in the pregnancy, is
held to be inviolate. However, as the terminus of the gestation period
approaches, the decision finds that there may be compelling state interests
that would serve to limit the afore-mentioned right to privacy. The result is a
right with a fuzzy boundary.
A second aspect
of the concept of privacy is control over the possession or dissemination of
information. When providing an environment for transactions, we more often
mean this latter definition. That is, privacy most often refers to restricting
the details of a transaction, or even the fact that a transaction took place,
to specific, named entities privy to the information. As we will discuss in
significantly more detail in Chapter 6, this brings into perspective the actual
ownership, and hence control, of information.
For the moment,
we will focus on the idea that privacy implies a limitation on the visibility
of information or processes involved in a transaction.
In the military,
“Who are you?” can be a life or death question. This is why soldiers wear
uniforms, and also why they do not completely trust uniforms: they complement
them with specific signals, a password for example, or other means of making
sure that a person really is who he or she claims to be.
By definition,
transactions involve the participation of various entities. Some entities might
be inanimate, and some might be humans. Transactions effected between two or
more entities are constrained by specifications of policy that are directly
linked to the identity of the entities that participate in the transactions. For
the moment, we will define the term identity as the unique differentiation of one entity from all
others. If we are able to establish the identity of an entity again from time to time
and/or from place to place, we say that we can authenticate the identity of the entity.
Knowing that the
soldier is one of your own is usually not enough. Some are authorized to give
orders, some to take them, and a very few to ignore them. In the military, one
way to signal authorization is by the rank insignia sewn onto the uniform. Only
certain officers are authorized to transmit messages of a given importance over
the radio.
Once the
identity of the various entities involved in a transaction has been authenticated,
the policy governing the transaction can then ascribe various capabilities to
the authenticated identity. This granting of capability is termed authorization.
Note the ordering: an authorization decision is only as sound as the
authentication it rests on, since a capability granted to a misidentified entity
is granted to the wrong party.
The two most common processes required within any policy infrastructure are the
authentication of identities and the authorization of capabilities to those
authenticated identities.
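The two processes just described, authenticating an identity and then authorizing capabilities for it, can be seen end to end in the following added example. It is illustrative code written for this page, not code from the book; the identities (cpl_jones, lt_smith, col_adams), their passwords and the capability table are constructed sample data chosen to mirror the soldier analogy above. Authentication here is by password, stored only as a salted PBKDF2 hash; authorization is a lookup of the authenticated identity in a capability table.

```python
"""Authentication of identities, then authorization of capabilities.

Added example for this page (not the book's own code). All identities,
passwords and the capability table below are constructed sample data.
"""

import hashlib
import hmac
import os

# Work factor for the password hash; raise it in a real deployment.
PBKDF2_ITERATIONS = 100_000
_SALT_LEN = 16
_HASH_LEN = 32  # SHA-256 output length


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash of the password (never store the clear text)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enroll(store: dict, identity: str, password: str) -> None:
    """Register an identity: store a fresh random salt and the derived hash."""
    salt = os.urandom(_SALT_LEN)
    store[identity] = (salt, _derive(password, salt))


def authenticate(store: dict, identity: str, password: str) -> bool:
    """Re-establish that the claimant really is the enrolled identity.

    An unknown identity is processed against a dummy record so that it takes
    the same time as a wrong password, and the final comparison is constant
    time, so the check leaks nothing about how close the guess was.
    """
    salt, expected = store.get(identity, (b"\x00" * _SALT_LEN, b"\x00" * _HASH_LEN))
    candidate = _derive(password, salt)
    return hmac.compare_digest(candidate, expected) and identity in store


# Constructed policy: the capabilities ascribed to each authenticated identity.
# "give_orders" plays the role of rank insignia; "transmit_priority" is the
# radio privilege that only a few hold.
CAPABILITIES = {
    "cpl_jones": {"take_orders"},
    "lt_smith": {"take_orders", "give_orders"},
    "col_adams": {"take_orders", "give_orders", "transmit_priority"},
}


def authorize(identity: str, capability: str, policy: dict = CAPABILITIES) -> bool:
    """Is this (already authenticated) identity allowed the capability?"""
    return capability in policy.get(identity, set())


def transact(store: dict, identity: str, password: str, capability: str) -> str:
    """Gate a transaction: authenticate first, authorize second.

    Authorization is never consulted for an unauthenticated claimant, so a
    capability can only ever be exercised by the entity it was ascribed to.
    """
    if not authenticate(store, identity, password):
        return "denied: identity not authenticated"
    if not authorize(identity, capability):
        return f"denied: {identity} not authorized for {capability}"
    return f"ok: {identity} may {capability}"


def demo() -> list:
    """Run the four outcomes a practitioner should expect to see."""
    store = {}
    enroll(store, "cpl_jones", "correct horse")
    enroll(store, "lt_smith", "battery staple")
    enroll(store, "col_adams", "radio silence")
    return [
        transact(store, "lt_smith", "battery staple", "give_orders"),   # both pass
        transact(store, "lt_smith", "wrong password", "give_orders"),   # auth fails
        transact(store, "cpl_jones", "correct horse", "give_orders"),   # authz fails
        transact(store, "unknown", "anything", "take_orders"),          # no such identity
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of the two checks is the point of the example: `transact` refuses to look at the capability table until the password check has passed, and the failure message for an unknown identity is the same as for a wrong password, so the transaction does not confirm which identities exist.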
We all know the
game in which a chain of children passes a message from one end of
the chain to the other, only to discover to their astonishment that the message is
totally garbled by the time it reaches its destination. Avoiding this is the purpose of
integrity techniques. For example, we can use two chains of children and
compare the messages at the end, or ask each child to repeat the