As we’ve seen, having strong credentials is of little value if all they say is that the person who claims to be John Reborn is actually John Reborn. What if John Reborn has usurped that identity to start with? So we need to know how the credentials have been set up; in the trade this is called provisioning. For credentials, there are several levels of trust. The first level is when the person simply asserts a credential, as in “My name is Suzy Doe.” Obviously, this has little credibility, even though today it is the most common means of provisioning. One level up is “My name is Suzy Doe, and here is my credit card number.” In this case the recipient computer can contact the institution that issued the card and check that the bank has indeed issued a card with that number to a person of that name. What this establishes, however, is only that somebody holding a credit card in the name of Suzy Doe is talking, not that the real Suzy Doe is. But since an impostor assuming the name Suzy Doe would also have had to steal her card number, the trust is higher than when Suzy merely spelled out her name. Something else may have happened, though: the impostor may have gone to the bank with forged identity papers and obtained a card in Suzy’s name that way. In that case the original fraud was in the identification performed by the bank, and checking the card number merely inherits it. For that reason there is yet another level of identity proof, which rests on the institution that did the provisioning. The recipient computers inquire directly with the computers of the company or agency that identified the person in the first place. But now we are entering a field of elaborate mathematics. The way this is done is that a well known institution publishes a number, called a public key, very widely, worldwide. Everybody can obtain that number and knows that it belongs to that institution. (In practice the key is distributed inside a certificate, and the recipient must be sure it really is the institution’s key; if a substitute key can be slipped in, everything built on top of it collapses.) Now, using cryptographic techniques, the recipient computer can query the institution about the identity of a person. It encrypts the query with the public key, in such a way that only the institution can read it, using what is called their private key, a number that only they know and which matches the public key. The institution can then send back the information about the identity of the person in such a way that the recipient computer is sure the message comes from the institution. For those interested in the technique, it is the mirror image of the encryption step: the institution uses its private key to produce a digital signature over its reply, and anyone holding the public key can verify that signature. Since only the holder of the private key can produce a signature that verifies, the recipient knows that the reply comes from the institution and that it has not been altered on the way. This is often described loosely as “encrypting with the private key,” but signing is a distinct operation, and real systems use dedicated signature schemes rather than raw encryption. Now, you’re going to say, how can we know that the institution has properly identified the person? That is a valid question, and it is the crux of the matter. In fact, when the institution answers, it also includes information on how the identity was established. Was it based simply on receiving information from the person, on seeing the person’s documents, on interviews with neighbors and the like, or on an in-depth investigation such as those associated with a military clearance? (Today’s standards call these identity assurance levels.) As we see, there is never a totally foolproof way of identifying somebody, but we can reach high levels of trust, and that can be done by computer.
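The exchange just described, as an added example that is not part of the original text: a relying party seals its question under the institution’s public key, the institution answers with a signed assertion carrying both the name and how the identity was established, and the relying party checks the signature using nothing but the public key. The Go code below uses only the standard library (RSA-OAEP for the query, RSA-PSS over a SHA-256 digest for the signature). The registry of people and the proofing levels attached to them are constructed sample data, and the field and function names are my own, not from any real identity service.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Assertion is the institution's signed answer. Level carries how the identity
// was established, the extra information the text says must accompany the name.
type Assertion struct {
	Subject string `json:"subject"`
	Level   string `json:"level"`
}

type Institution struct {
	key     *rsa.PrivateKey   // never leaves the institution
	records map[string]string // subject -> proofing level (constructed sample data)
}

// NewInstitution generates a 2048-bit RSA key pair and loads a small registry.
func NewInstitution() (*Institution, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Institution{
		key: key,
		records: map[string]string{
			"Suzy Doe":    "documents",     // identity papers checked in person
			"John Reborn": "self-asserted", // nothing but the person's own statement
		},
	}, nil
}

func (i *Institution) PublicKey() *rsa.PublicKey { return &i.key.PublicKey }

// EncryptQuery is the recipient's first step: the question is sealed under the
// institution's public key (RSA-OAEP), so only the private key can open it.
func EncryptQuery(pub *rsa.PublicKey, subject string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(subject), []byte("identity-query"))
}

// Answer is the institution's side: open the query, look the subject up, and
// sign the JSON reply with the private key (RSA-PSS over a SHA-256 digest).
func (i *Institution) Answer(ciphertext []byte) (reply, sig []byte, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, i.key, ciphertext, []byte("identity-query"))
	if err != nil {
		return nil, nil, err
	}
	subject := string(plain)
	level, ok := i.records[subject]
	if !ok {
		return nil, nil, fmt.Errorf("no record for %q", subject)
	}
	if reply, err = json.Marshal(Assertion{Subject: subject, Level: level}); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(reply)
	if sig, err = rsa.SignPSS(rand.Reader, i.key, crypto.SHA256, digest[:], nil); err != nil {
		return nil, nil, err
	}
	return reply, sig, nil
}

// VerifyAssertion is the recipient checking the reply with the public key alone;
// an altered reply, or one signed by some other key, is rejected.
func VerifyAssertion(pub *rsa.PublicKey, reply, sig []byte) (*Assertion, error) {
	digest := sha256.Sum256(reply)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature does not verify: %w", err)
	}
	var a Assertion
	if err := json.Unmarshal(reply, &a); err != nil {
		return nil, err
	}
	return &a, nil
}

func main() {
	inst, err := NewInstitution()
	if err != nil {
		panic(err)
	}
	ct, _ := EncryptQuery(inst.PublicKey(), "Suzy Doe")
	reply, sig, err := inst.Answer(ct)
	if err != nil {
		panic(err)
	}
	a, err := VerifyAssertion(inst.PublicKey(), reply, sig)
	fmt.Printf("genuine reply: %+v, err=%v\n", a, err)
	reply[len(reply)-2] ^= 1 // alter one byte of the reply in transit
	_, err = VerifyAssertion(inst.PublicKey(), reply, sig)
	fmt.Println("altered reply:", err)
}
```

Two things the code makes visible that the prose leaves implicit: the level is inside the signed bytes, so an impostor cannot upgrade “self-asserted” to “documents” on the way without breaking the signature; and nothing here solves the distribution problem, since the relying party still has to obtain the right public key before any of this means anything.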
Once somebody is authenticated by a computer, it’s time to talk about authorization. What can that person do? In fact, there are many factors involved. The first is to know the role of the subject. To give the idea, we can consider the roles of persons in a hospital. Obviously, doctors, nurses and administrators have different responsibilities associated with their roles. Doctors can prescribe medication that nurses can administer. Most probably, neither doctors nor nurses can sign hospital expense bills, which is what administrators do. So we see that the role of a person defines what they can do, and therefore it is an important generic element for specifying their authorization limits. Of course, in a small hospital some persons may have combined roles. Depending on the role in which they act, they’ll have different authorization levels.
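As an added example, not from the original text, here are the hospital’s rules as a small policy engine in Go: a table of who holds which roles, a static table of what each role may do, and one per-transaction rule of the kind the next paragraph turns to, under which administering a controlled medication is permitted only when a doctor’s order for this particular case accompanies the request. The names, the medication list and the DoctorOrder field are constructed for the illustration and are not taken from any real hospital system.

```go
package main

import "fmt"

// Role and Action are the policy's vocabulary, taken from the hospital in the
// text: doctors prescribe, nurses administer, administrators sign expenses.
type Role string
type Action string

const (
	Doctor        Role = "doctor"
	Nurse         Role = "nurse"
	Administrator Role = "administrator"

	Prescribe      Action = "prescribe"
	Administer     Action = "administer"
	ApproveExpense Action = "approve_expense"
)

// Request is one transaction. ActingAs matters because a person with several
// roles (the small-hospital case) acts in exactly one of them at a time; the
// remaining fields are the per-transaction context the dynamic rule inspects.
type Request struct {
	Subject     string
	ActingAs    Role
	Action      Action
	Medication  string // for Administer
	DoctorOrder string // id of a doctor's order covering this case, if any (hypothetical field)
}

// Policy holds the static part (role -> permitted actions) plus the data the
// dynamic rule needs (which medications require a doctor's order each time).
type Policy struct {
	roles      map[string][]Role        // who holds which roles (constructed sample data)
	permits    map[Role]map[Action]bool // static authorization
	controlled map[string]bool          // medications needing per-case approval
}

// NewHospitalPolicy builds the sample policy described in the text.
func NewHospitalPolicy() *Policy {
	return &Policy{
		roles: map[string][]Role{
			"Dr. Lee":   {Doctor, Administrator}, // small hospital: combined roles
			"Nurse Kim": {Nurse},
			"Pat Admin": {Administrator},
		},
		permits: map[Role]map[Action]bool{
			Doctor:        {Prescribe: true},
			Nurse:         {Administer: true},
			Administrator: {ApproveExpense: true},
		},
		controlled: map[string]bool{"morphine": true},
	}
}

// Authorize returns the decision and the rule that produced it.
func (p *Policy) Authorize(r Request) (bool, string) {
	// 1. The subject must actually hold the role they claim to act in.
	held := false
	for _, role := range p.roles[r.Subject] {
		if role == r.ActingAs {
			held = true
			break
		}
	}
	if !held {
		return false, fmt.Sprintf("%s does not hold role %s", r.Subject, r.ActingAs)
	}
	// 2. Static rule: the role fixes which actions are ever permitted.
	if !p.permits[r.ActingAs][r.Action] {
		return false, fmt.Sprintf("role %s may not %s", r.ActingAs, r.Action)
	}
	// 3. Dynamic rule: same nurse, same action, but the answer depends on
	//    this transaction's medication and on whether a doctor has ordered
	//    it for this case.
	if r.Action == Administer && p.controlled[r.Medication] && r.DoctorOrder == "" {
		return false, fmt.Sprintf("%s is controlled: a doctor's order is required for each case", r.Medication)
	}
	return true, "permitted"
}

func main() {
	p := NewHospitalPolicy()
	for _, r := range []Request{
		{Subject: "Nurse Kim", ActingAs: Nurse, Action: Administer, Medication: "acetaminophen"},
		{Subject: "Nurse Kim", ActingAs: Nurse, Action: Administer, Medication: "morphine"},
		{Subject: "Nurse Kim", ActingAs: Nurse, Action: Administer, Medication: "morphine", DoctorOrder: "ORD-1"},
		{Subject: "Dr. Lee", ActingAs: Administrator, Action: ApproveExpense},
		{Subject: "Dr. Lee", ActingAs: Doctor, Action: ApproveExpense},
	} {
		ok, why := p.Authorize(r)
		fmt.Printf("%-10s as %-13s %-15s -> %v (%s)\n", r.Subject, r.ActingAs, r.Action, ok, why)
	}
}
```

The order of the three checks is deliberate: role membership and the static table are decided once from data that rarely changes, and only requests that survive them reach the dynamic rule, which has to look at the transaction itself. Dr. Lee’s two last requests show why the acting role is part of the request rather than a property of the person: the same individual is allowed to sign an expense as administrator and refused as doctor.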
Another element to settle early on is whether the authorization is static or dynamic, that is, whether the authorization details are always the same for that person or may change from one transaction to the next. For example, a nurse may be allowed to administer medication in general (that’s a static right), but for some medications must ask a doctor in each case (that’s a