I never trusted trust

From the archives.

  • “It is often put simply that in e-business, authentication means that you know who you’re dealing with. Authentication is inevitably cited as one of the four or five ‘pillars of security’ (the others being integrity, non-repudiation, confidentiality and, sometimes, availability).
  • “To be a little more precise, let’s examine the functional definition of authentication adopted by the Asia Pacific Economic Co-operation (APEC) E-Security Task Group, namely the means by which the recipient of a transaction or message can make an assessment as to whether to accept or reject that transaction.
  • “Note that this definition does not have identity as an essential element, let alone the complex notion of ‘trust’. Identity and trust all too frequently complicate discussions around authentication. Of course, personal identity is important in many cases, but it should not be enshrined in the definition of authentication. Rather, the fundamental issue is one’s capacity to act in the transaction at hand. Depending on the application, this may have more to do with credentials, qualifications, memberships and account status, than identity per se, especially in business transactions.”

Making Sense of your Authentication Options in e-Business
Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, No. 5, 2001.

See also https://lockstep.com.au/library/quotes.