Naming
- Security requires identification: Naming is very
important because you need to identify the agents, activities and
resources. Different kinds of naming system have different properties
so it is important to understand what you need and what you have got.
- Sameness: "John Smith may read file X", "John
Smith has asked to read file X". Is "John Smith" in the access rule
the same person as "John Smith" in the request?
- Distinctness: "John Smith may not read file Y", but
how do I know that X and Y are not two names for the same file?
- Comparing entities by comparing their names
- Names are relative to contexts: We may try hard to
align the contexts so that names refer to the same entity from many
contexts in order to create the illusion of a global context. It is
essential to remember that this is an illusion constructed by
agreement, which could be subverted, and not a logical necessity.
- Generation and resolution processes: We navigate
through the naming system by generating and resolving names. Analysing
this process can reveal the assumptions that lead to security weaknesses.
- Federation: Hierarchical names do not necessarily
imply an authority hierarchy.
- Identifiers - what assumptions are being made?
The term "identifier", and especially "unique identifier", is often
used with inadequate explanation. Here are two properties that may
have been assumed or required.
  - Not an alias - only name for entity in this
  context: Needed to test distinctness; very hard to achieve on
  a large scale.
  - Not a homonym - name of only one entity in this
  context: Needed to test sameness; "unambiguous" names; can be
  achieved in large scale decentralised naming systems.
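
The distinctness question ("are X and Y two names for the same file?") and the "not an alias" property, shown on a filesystem as an added example that is not part of the original notes. The file names Y, X_hard, X_sym and Z are constructed, and the example assumes a POSIX filesystem that supports hard and symbolic links.

```python
import os
import tempfile

def denied_by_name(requested, deny_list):
    """Name comparison only: sound only if no denied file has an alias."""
    return os.path.abspath(requested) in {os.path.abspath(p) for p in deny_list}

def file_identity(path):
    """Entity behind a name in this filesystem context: (device, inode)."""
    st = os.stat(path)  # follows symbolic links to the file they name
    return (st.st_dev, st.st_ino)

def denied_by_identity(requested, deny_list):
    """Resolve both names, then compare the entities they reach."""
    return file_identity(requested) in {file_identity(p) for p in deny_list}

def demo():
    """Return {name: (denied_by_name, denied_by_identity)} for constructed files."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("Y", "X_hard", "X_sym", "Z")}
        with open(paths["Y"], "w") as f:
            f.write("protected")
        with open(paths["Z"], "w") as f:
            f.write("unrelated")
        os.link(paths["Y"], paths["X_hard"])     # second name, same inode
        os.symlink(paths["Y"], paths["X_sym"])   # name that resolves to Y
        deny = [paths["Y"]]                      # rule: "may not read file Y"
        return {n: (denied_by_name(p, deny), denied_by_identity(p, deny))
                for n, p in paths.items()}

if __name__ == "__main__":
    for name, (by_name, by_id) in demo().items():
        print(f"{name:7} denied_by_name={by_name!s:5} denied_by_identity={by_id}")
```

The identity is only valid at the moment of resolution, so a real check would take it from the already opened file (os.fstat on the descriptor) rather than from the name a second time.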