Path: utzoo!utgpu!water!watmath!clyde!att!mtunx!rutgers!njin!princeton!udel!rochester!bbn!uwmcsd1!marque!uunet!mcvax!enea!ttds!draken!kth!sics!bengta
From: bengta@sics.se (Bengt Ahlgren)
Newsgroups: comp.protocols.iso
Subject: OSI Security Arch.: Peer-entity authentication
Keywords: security, authentication
Message-ID: <1965@sics.se>
Date: 2 Jun 88 17:53:35 GMT
Reply-To: bengta@sics.se (Bengt Ahlgren)
Organization: Swedish Institute of Computer Science, Kista
Lines: 22

I've read the ISO 7498 Addendum on Security Architecture carefully, but I don't quite understand what "peer-entity authentication" means. I see two possible interpretations of peer-entity authentication as a service of the (N)-layer:

1. The (N)-entity authenticates its peer (N)-entity;

2. The (N)-layer offers an authentication service to the (N+1)-entity, that is, the (N+1)-entities are authenticated.

I also have some difficulty in understanding how the "user" fits in. For example, a person wants to transfer a file from one open system to another with FTAM. Can, for instance, the transport layer authenticate the person for the other open system? Or is it always a task for the application layer? Or is this completely outside the scope of OSI security?

--
Bengt Ahlgren                   Email:
SICS                            bengta@sics.se,
Box 1263                        bengta@sics.sunet (ean), or
S-164 28 KISTA, Sweden          ...!mcvax!enea!sics!bengta