Re: Meeting Transcript, 22 Feb 95

Rohit Khare (khare@xent.w3.org)
Thu, 11 May 1995 01:18:42 +0500

Hi --

My name is Rohit Khare, and I'm one of W3C's newest security mavens. I'm trying
to get a handle on what W3C will be producing in the near-term, and part of
that is synthesizing the reams of notes about what has already come and gone
here.

This scenarios list, however, has been quite quiet, and I was hoping there
would have been more progress on this. Without the right scenarios, we will be
lost; so please, everyone send in just one scenario to get this ball rolling.
Feel free to send in the exotic, sketchy ones, too...

Here's one of mine, off the top of my head:

Groupware for Issue-Tracking
----------------------------
Suppose we have an organization-wide issue database, say tech support. Here, we
want to be able to give people authenticated access to a shared listing service
by _context_ rather than personal identity. Anyone can post a report ({uid,
*}), but only some people can promote it to a bug report ({uid, SUPERVISOR}),
and only developers can close a bug record ({uid, DEVELOPER}). Obviously there
are several solution spaces:

  Give every person only one role (BAD)
  Create identities for each context and share the secret key among signatories (insecure)
  Prepare a separate key for every {uid, context} combination (cumbersome)
  Use separate certification hierarchies for each role (requires rooted web of trust)

From the last solution, we realize that we want to have typed identities in the
system, to say "yes, this is Jim" AND "yes, this is Jim as a SUPERVISOR" rather
than one or the other.

Now, I realize that the above story is shot through with all kinds of holes,
and in particular confounds the issue of what is the domain of the
key-certification and -management scheme and the connection-oriented problems
peculiar to the web, but I wanted to throw out just such a rough example,
instead of yet another secure checkwriting demo.

Thanks for your time,
Rohit Khare
khare@w3.org
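
Added example, not part of the original message: a sketch of the "typed identity" check from the issue-tracking scenario, where an action is allowed only if the caller proves both "this is Jim" and "this is Jim as a SUPERVISOR" under separate issuers. The key values, function names and the use of HMAC as a stand-in for a certification hierarchy's signature are assumptions made so the code runs with the Python standard library alone.

```python
import hashlib
import hmac

# Constructed demo keys: one issuer per role hierarchy plus one for plain identity.
# Assumption: HMAC stands in for a CA signature; a real system would use public keys.
ISSUER_KEYS = {
    "IDENTITY": b"demo-identity-issuer-key",
    "SUPERVISOR": b"demo-supervisor-issuer-key",
    "DEVELOPER": b"demo-developer-issuer-key",
}

# Policy from the scenario; "*" means any authenticated uid may act.
REQUIRED_ROLE = {"post": "*", "promote": "SUPERVISOR", "close": "DEVELOPER"}

def _tag(key, uid, context):
    return hmac.new(key, f"{uid}|{context}".encode(), hashlib.sha256).hexdigest()

def issue(uid, context, key=None):
    """Build a {uid, context} assertion tagged by that context's issuer.
    Passing `key` explicitly lets a test simulate a wrong or forged issuer."""
    key = ISSUER_KEYS[context] if key is None else key
    return {"uid": uid, "context": context, "tag": _tag(key, uid, context)}

def verify(assertion):
    """Accept only if the tag matches the issuer for the claimed context."""
    key = ISSUER_KEYS.get(assertion["context"])
    if key is None:
        return False
    expected = _tag(key, assertion["uid"], assertion["context"])
    return hmac.compare_digest(expected, assertion["tag"])

def authorize(action, assertions):
    """Return the uid allowed to perform `action`, or None if refused."""
    role = REQUIRED_ROLE.get(action)
    if role is None:
        return None  # unknown action: deny by default
    valid = [a for a in assertions if verify(a)]
    uids = {a["uid"] for a in valid if a["context"] == "IDENTITY"}
    if len(uids) != 1:
        return None  # exactly one proven identity is required
    uid = uids.pop()
    if role == "*":
        return uid
    # The role assertion must be bound to the same uid as the identity.
    ok = any(a["uid"] == uid and a["context"] == role for a in valid)
    return uid if ok else None
```

Binding the role assertion to the same uid as the identity assertion is what prevents one person from presenting a colleague's role credential alongside their own identity.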