DASS - Distributed Authentication Security Service
RFC 1507 DASS September 1993
of their identities. But whichever party speaks first reveals
information which can be used by the second (unauthenticated) party
to impersonate it. Longer sequences (often seen in spy movies)
cannot solve the problem in general. Further, anyone who can
eavesdrop on the conversation can impersonate either party in a
subsequent conversation (unless passwords are only good once).

Cryptography provides a means whereby one can prove knowledge of a
secret without revealing it. People cannot execute cryptographic
algorithms in their heads, and thus cannot strongly authenticate to
computers directly. DASS lays the groundwork for "smart cards":
microcomputers sealed in credit cards which when activated by a PIN
will strongly authenticate to a computer. Until smart cards are
available, the first link from a user to a DASS node remains
vulnerable to eavesdropping. DASS mechanisms are constructed so that
after the initial authentication, smart card or password-based
authentication looks the same.
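The two preceding paragraphs make a claim that is easy to state and easy to get wrong in practice: a party can prove knowledge of a secret without putting anything on the wire that an eavesdropper could reuse. The following Python sketch is an added illustration and is not code from RFC 1507 or from any DASS implementation; DASS's own exchange is not shown on this page. It assumes a symmetric shared secret (a constructed value here) and a mutual challenge-response in which each side binds its proof to both parties' fresh nonces and to its own role. The checks at the bottom show the two properties the text relies on: the secret never appears in the transcript, and a recorded proof does not verify in a later session because the challenge has changed.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; in a real deployment this would be a per-user
# key derived from the password (or held on the smart card), never a literal.
SHARED_SECRET = b"constructed-demo-secret"


def prove(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of `secret` for a given challenge without revealing it.

    The role tag ("client"/"server") is mixed in so that a proof produced by
    one side cannot be reflected back to it as if it came from the other side.
    """
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()


def mutual_auth(client_secret: bytes, server_secret: bytes):
    """Run one mutual challenge-response exchange.

    Returns (transcript, client_ok, server_ok) where the transcript is exactly
    what an eavesdropper on the wire would see.
    """
    c_nonce = secrets.token_bytes(16)   # msg 1: client -> server
    s_nonce = secrets.token_bytes(16)   # msg 2: server -> client (with proof)
    challenge = c_nonce + s_nonce

    # The server "speaks first" by sending its proof, but the proof is a MAC
    # over fresh nonces, so it reveals nothing reusable to an impersonator.
    server_proof = prove(server_secret, b"server", challenge)
    server_ok = hmac.compare_digest(
        server_proof, prove(client_secret, b"server", challenge))

    # msg 3: client -> server, proof over the same nonces with the client role.
    client_proof = prove(client_secret, b"client", challenge)
    client_ok = hmac.compare_digest(
        client_proof, prove(server_secret, b"client", challenge))

    transcript = (c_nonce, s_nonce, server_proof, client_proof)
    return transcript, client_ok, server_ok


def server_accepts_replay(server_secret: bytes, transcript) -> bool:
    """Check whether a recorded client proof would verify in a new session.

    The server issues a fresh nonce for every session, so the old proof was
    computed over a different challenge and must fail. Returns True only if
    the replay would be accepted (i.e. the scheme is broken).
    """
    c_nonce, _old_s_nonce, _server_proof, old_client_proof = transcript
    fresh_s_nonce = secrets.token_bytes(16)
    expected = prove(server_secret, b"client", c_nonce + fresh_s_nonce)
    return hmac.compare_digest(old_client_proof, expected)


def transcript_leaks_secret(transcript, secret: bytes) -> bool:
    """True if the raw secret appears anywhere in what went over the wire."""
    return any(secret in part for part in transcript)


if __name__ == "__main__":
    transcript, c_ok, s_ok = mutual_auth(SHARED_SECRET, SHARED_SECRET)
    print("both sides authenticated:", c_ok and s_ok)
    print("secret visible on the wire:", transcript_leaks_secret(transcript, SHARED_SECRET))
    print("replay of old proof accepted:", server_accepts_replay(SHARED_SECRET, transcript))
```

Two design points carry the argument from the text. Binding each proof to nonces from both sides is what makes the exchange safe regardless of who speaks first; binding it to a role tag prevents one party's proof from being turned back on it. Neither property holds for a plain password sent over the wire, which is why the text says such an eavesdropper can impersonate either party later "unless passwords are only good once".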

Today, systems are constructed to think of user identities in terms
of accounts on individual computers. If I have accounts on ten
machines, there is no way a priori to see that those ten accounts all
belong to the same individual. If I want to be able to access a
resource through any of the ten machines, I must tell the resource
about all ten accounts. I must also tell the resource when I get an
eleventh account.

DASS supports the concept of global identity and network login. A
user is assigned a name from a global namespace and that name will be
recognized by any node in the network. (In some cases, a resource
may be configured as accessible only by a particular user acting
through a particular node. That is an access control decision, and
it is supported by DASS, but the user is still known by his global
identity). From a practical point of view, this means that a user
can have a single password (or smart card) which can be used on all
systems which allow him access and access control mechanisms can
conveniently give access to a user through any computer the user
happens to be logged into. Because a single user secret is good on
all systems, it should never be necessary for a user to enter a
password other than at initial login. Because cryptographic
mechanisms are used, the password should never appear on the network
beyond the initial login node.

DASS was designed as a component of the Distributed System Security
Architecture (DSSA) (see "The Digital Distributed System Security
Architecture" by M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson,
1989 National Computer Security Conference). It is a goal of DSSA
that access control on all systems be based on users' global names
and the concept of "accounts" on computers eventually be replaced
with unnamed rights to execute processes on those computers. Until
Kaufman