Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!sun-barr!decwrl!shelby!MIT.EDU!jon
From: jon@MIT.EDU (Jon A. Rochlis)
Newsgroups: comp.protocols.kerberos
Subject: Re: costs of kerberos and X.500
Message-ID: <8912192054.AA29662@DELWIN.MIT.EDU>
Date: 19 Dec 89 20:54:32 GMT
References: <1318@uakari.primate.wisc.edu>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 15


   $12.50/user/year for
   certificates means I'd be spending over 1 percent of my budget *just for
   authorization*.
   
It's even worse.  All you're sure of getting is "authentication" (i.e.
you know who you're talking to), but not necessarily "authorization"
(i.e. what you are allowed to do).  You might get authorization by
using certificates as capabilities, but X.509 does not address such
uses.  All you can count on for "sure" is authentication.  If you only
get authentication you still another system for managing your
authorization information (e.g. Athena's Moira Service Management
System).

		-- Jon