"A customer making an on-line purchase should not be impacted by whether they are using a cell phone or a laptop computer, as long as each device can securely express the proper identity."

Thus it should be possible to specify security requirements and policies (for example, those relating to identity) in a technology-neutral manner, and then to implement, on each platform (cell phone, laptop, and so on), specific mechanisms that demonstrably conform to those requirements and policies.
"Integration through the abstractions of a single security model enables organizations to use their existing investments in security technologies while communicating with organizations using different technologies."

This means establishing a common level of abstraction at which the diversity and heterogeneity of rival security devices and mechanisms disappear. While this is an attractive simplification, it also potentially represents a dangerous reduction in biodiversity: an attack designed at the appropriate level of abstraction might be able to overcome any security mechanism that conforms to the common model.
"A security token is a representation of security-related information (e.g. X.509 certificate, Kerberos tickets and authenticators, mobile device security tokens from SIM cards, username, etc.)"

"The subject of the security token is a principal (e.g. a person, an application or a business entity) about which the claims expressed in the security token apply. Specifically, the subject, as the owner of the security token, possesses information necessary to prove ownership of the security token."
In the case of a SIM card, the subject of the security token seems to be the SIM card or the mobile phone. A further step seems to be required to associate this token with a human subscriber.

In many business and social contexts, a principal can delegate authority to an agent, which may involve lending the agent the necessary tokens. The model describes various scenarios for the exchange of tokens, but there also needs to be a higher level of abstraction at which these scenarios can be understood as different ways of achieving the same underlying business security requirements.
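The following is an added illustration of the two points above (a technology-neutral policy evaluated over claims drawn from heterogeneous tokens, and the extra binding step a SIM token needs before a human subscriber is identified); it is not code from the commented document or from any WS-* toolkit. Everything in it is constructed: the issuers, their keys and the subscriber registry are made up, issuers vouch for tokens with HMAC keys shared with the relying party (standing in for X.509, Kerberos or SIM mechanisms), and delegation is modelled as a trusted issuer lending a principal's verified token to a named agent.

```python
"""Technology-neutral policy evaluated over claims drawn from heterogeneous tokens.

Added illustration; not code from the commented document or any WS-* toolkit.
Constructed assumptions: each issuer shares an HMAC key with the relying party
(standing in for X.509 / Kerberos / SIM mechanisms), and a subscriber registry
supplies the extra step that binds a SIM (device) token to a human subscriber.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed keys of the issuers this relying party trusts.
ISSUER_KEYS = {
    "corp-directory": b"constructed-key-directory",
    "mobile-operator": b"constructed-key-operator",
}

# Constructed registry: device identity -> human subscriber.
SUBSCRIBER_REGISTRY = {"imsi:001010123456789": "alice"}


def _mac(key: bytes, payload: dict) -> str:
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def issue_token(issuer: str, payload: dict) -> dict:
    """The issuer vouches for a payload; payload['type'] names the mechanism."""
    body = dict(payload, issuer=issuer)
    return {"body": body, "mac": _mac(ISSUER_KEYS[issuer], body)}


@dataclass(frozen=True)
class Claims:
    """Mechanism-independent view of a token: who, vouched for by whom, how."""
    subject: str
    issuer: str
    authn_methods: Tuple[str, ...]
    delegated_by: Optional[str] = None


def verify_and_normalize(token: dict) -> Claims:
    """Per-mechanism adapters collapse token formats into one Claims object."""
    body = token["body"]
    key = ISSUER_KEYS.get(body.get("issuer"))
    if key is None or not hmac.compare_digest(token["mac"], _mac(key, body)):
        raise ValueError("token not from a trusted issuer, or altered")
    kind = body["type"]
    if kind == "username":
        return Claims(body["username"], body["issuer"], ("password",))
    if kind == "sim":
        # The token's subject is the device; fail closed unless it maps to a person.
        person = SUBSCRIBER_REGISTRY.get(body["imsi"])
        if person is None:
            raise ValueError("SIM token is not bound to a subscriber")
        return Claims(person, body["issuer"], ("sim",))
    if kind == "delegation":
        # A principal lends authority to an agent; the principal's own token is
        # carried inside the delegation token and must itself verify.
        principal = verify_and_normalize(body["principal_token"])
        return Claims(body["agent"], body["issuer"], principal.authn_methods,
                      delegated_by=principal.subject)
    raise ValueError(f"unsupported token type {kind!r}")


def rejects(token: dict) -> bool:
    """True if the token is refused (tampered, untrusted issuer, unbound device)."""
    try:
        verify_and_normalize(token)
        return False
    except ValueError:
        return True


def purchase_allowed(claims: Claims,
                     accepted_methods=frozenset({"password", "sim"})) -> bool:
    """The technology-neutral rule: written once, independent of token format."""
    return (claims.issuer in ISSUER_KEYS
            and any(m in accepted_methods for m in claims.authn_methods))


if __name__ == "__main__":
    laptop = issue_token("corp-directory", {"type": "username", "username": "alice"})
    phone = issue_token("mobile-operator", {"type": "sim", "imsi": "imsi:001010123456789"})
    for tok in (laptop, phone):
        c = verify_and_normalize(tok)
        print(c.subject, c.authn_methods, purchase_allowed(c))
```

The policy in `purchase_allowed` never inspects a token format; only the adapters in `verify_and_normalize` do, and the SIM adapter refuses to name a human subject unless the registry supplies the binding.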
"An intermediary may add headers, encrypt or decrypt pieces of the message, or add additional security tokens. In such situations, care should be taken so that alterations to the message do not invalidate message integrity, violate the trust model, or destroy accountability."

Who is the caretaker? Can this be independently verified?
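As an added illustration of what "care" by an intermediary amounts to in practice (not code from the commented document or from any WS-Security implementation): a message is modelled as a dict of named parts, and each signature lists the parts it covers, much as a WS-Security signature references element Ids. An intermediary can therefore add a new part without breaking the sender's signature, and it signs that part itself so its change stays accountable; changing a part the sender covered is detected. The keys are constructed HMAC keys shared with the verifier, standing in for XML signatures with X.509 certificates, and the "gateway" intermediary and its routing part are invented for the example.

```python
"""Intermediary alterations against message integrity and accountability.

Added illustration; not code from the commented document or from any
WS-Security implementation. Constructed toy model: a message is a dict of
named parts, and each signature lists the parts it covers, so an intermediary
can add a new part without breaking the sender's signature but cannot change
a covered part. Keys are constructed HMAC keys shared with the verifier.
"""
import hashlib
import hmac
import json

KEYS = {"sender": b"constructed-sender-key", "gateway": b"constructed-gateway-key"}


def _digest(part) -> str:
    return hashlib.sha256(
        json.dumps(part, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def sign(message: dict, signer: str, covered) -> dict:
    """Append a signature over the digests of the named parts only."""
    refs = {name: _digest(message[name]) for name in covered}
    manifest = json.dumps(refs, sort_keys=True).encode()
    message.setdefault("signatures", []).append({
        "signer": signer,
        "refs": refs,
        "mac": hmac.new(KEYS[signer], manifest, hashlib.sha256).hexdigest(),
    })
    return message


def verify(message: dict) -> dict:
    """Return {signer: covered parts} as the accountability record; raise on any break."""
    vouched = {}
    for sig in message.get("signatures", []):
        manifest = json.dumps(sig["refs"], sort_keys=True).encode()
        expected = hmac.new(KEYS[sig["signer"]], manifest, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig["mac"]):
            raise ValueError(f"signature by {sig['signer']} is not genuine")
        for name, digest in sig["refs"].items():
            if name not in message or _digest(message[name]) != digest:
                raise ValueError(f"part {name!r}, covered by {sig['signer']}, was altered")
        vouched[sig["signer"]] = sorted(sig["refs"])
    return vouched


def unsigned_parts(message: dict) -> set:
    """Parts nobody vouches for; the trust model must treat them as untrusted."""
    covered = {n for s in message.get("signatures", []) for n in s["refs"]}
    return {k for k in message if k != "signatures"} - covered


def scenario() -> dict:
    """Walk one message through a careful and then a careless intermediary."""
    msg = sign({"headers": {"to": "https://shop.example/orders"},
                "body": {"item": "sku-1", "qty": 1}}, "sender", ["headers", "body"])
    # Careful gateway: adds its own part and signs it, leaving covered parts alone.
    msg["routing"] = {"via": "gateway-1"}
    after_add = (verify(msg), unsigned_parts(msg))
    sign(msg, "gateway", ["routing"])
    after_gateway_sign = (verify(msg), unsigned_parts(msg))
    # Careless gateway: rewrites a covered part, which breaks the sender's signature.
    careless = json.loads(json.dumps(msg))
    careless["body"]["qty"] = 100
    try:
        verify(careless)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"after_add": after_add, "after_gateway_sign": after_gateway_sign,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    for step, result in scenario().items():
        print(step, result)
```

The record returned by `verify` is what an independent verifier can check later: which party vouched for which parts, so a change nobody signed (the unsigned `routing` part before the gateway signs it) stands out, and a change to a covered part fails outright.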