Identification


As mentioned earlier in the chapter, identity consists of the collective characteristics that make something distinct. To a computer, not much is needed; who we are often distills to a name. Identity is often abstracted from an individual or user to a role or context. For example, security policies frequently have differing rules for administrators or members of specific workgroups. In these cases, a system may or may not know any more information about an entity, other than the fact that it is acting in a role ("This user is a supervisor") or from a particular context ("This user is at a public computer"). In every case, a system that requires identity must distinguish objects through the process of identifying them.

Let's consider a few concepts that are important in identifying things.

Addresses

All computers that are connected to a network are named in some way so that you can communicate with them. They have addresses, the most common of which is an IP address. Using addresses, the designers of IP made it possible to establish a connection to a predetermined host. Similarly, the places where we persistently store things are named with volume labels or paths, so that we can consistently find and use something we "put away." Addresses and paths are frequently used as a part of an identity. They may also compose a whole identity. As mentioned earlier, peer-to-peer systems often work behind gateways or firewalls that implement network address translation (NAT) or obtain their IP addresses through DHCP, making addresses potentially unsuitable as long-term identifiers. Of course, if the system has a fixed host name in the domain name system, the fully qualified address can be used.

Namespaces

A namespace is the pool of available values from which names are drawn; it must be sufficiently large to be able to distinguish one thing from another. IPv4 addresses are made up of 32 bits, making 4 billion addresses available in that namespace. Amazingly, because IP addresses are distributed in blocks, it has become necessary to enlarge the namespace by increasing the size of an address to 128 bits in IPv6. The Universally Unique Identifier (UUID) is another 128-bit identifier that is commonly used for discriminating between software classes or interfaces. The size of these spaces makes it possible to catalog quite a few things for a considerable amount of time. The size of the domain of things that need to be distinct and whether the identifier needs to be indelible are both important factors in identification.
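The following added example (not code from the book) illustrates the points made under Addresses and Namespaces: a peer directory keyed by a 128-bit UUID keeps peers distinct when they share a NAT address or change address through DHCP, while a directory keyed by address does not. The class `PeerDirectory`, its methods, and the sample addresses are hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added example: hypothetical PeerDirectory, not an API from the book.
public class PeerDirectory {
    // Identity is a UUID chosen once by the peer; the address is only a locator.
    private final Map<UUID, String> addressById = new HashMap<>();
    // Naive alternative: the observed address itself is treated as the identity.
    private final Map<String, String> nameByAddress = new HashMap<>();

    public void announce(UUID peerId, String name, String observedAddress) {
        addressById.put(peerId, observedAddress);  // same identity, updated locator
        nameByAddress.put(observedAddress, name);  // replaces whoever shared that address
    }

    public String addressOf(UUID peerId) { return addressById.get(peerId); }
    public String nameAt(String address) { return nameByAddress.get(address); }
    public int knownPeers() { return addressById.size(); }

    public static void main(String[] args) {
        PeerDirectory dir = new PeerDirectory();
        UUID alice = UUID.randomUUID();
        UUID bob = UUID.randomUUID();

        // Constructed sample: both peers sit behind one NAT gateway.
        dir.announce(alice, "alice", "203.0.113.7");
        dir.announce(bob, "bob", "203.0.113.7");
        // The UUID-keyed view still holds two peers; the address-keyed view
        // has one entry, so alice can no longer be told apart from bob.
        System.out.println("peers by id: " + dir.knownPeers());
        System.out.println("name at 203.0.113.7: " + dir.nameAt("203.0.113.7"));

        // Alice's gateway receives a new DHCP lease. Her identity is unchanged;
        // only the locator stored under her UUID moves.
        dir.announce(alice, "alice", "198.51.100.20");
        System.out.println("alice is now at: " + dir.addressOf(alice));
        System.out.println("peers by id: " + dir.knownPeers());
    }
}
```

A self-chosen UUID only distinguishes peers; it does not prove that an announcement comes from the peer that owns the identifier.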

Central and Local Identification

Central authorities might regulate identifiers to guarantee uniqueness or some other quality of the identifier. Because it's important that no two computers have the same address, Regional Internet Registries (RIR) such as the American Registry for Internet Numbers (ARIN) issue IP addresses. Similarly, organizations that support instant messaging, such as AOL and Microsoft, regulate the names that users can adopt.

Names that make up part of the Domain Name System are a useful and interesting combination of centralized and localized systems. Part of the name is registered with a central authority, and the rest of it is left for you to decide. The registering authority makes certain that the domain you are registering is not in use by anyone else.

For example, a company might register the domain zzyxx.com. After registering, the company is assured that the domain is unique. Then, the company can assign individual names for computers. A computer can now be named mickey.zzyxx.com. As long as there are no other computers named mickey in the domain, then that computer has a unique name. With a domain, you can build other addressing or naming schemes. A Universal Resource Identifier (URI) permits you to name or address any Web resource, be it a Web page or peer-to-peer service. Email addresses are used successfully to uniquely identify individuals from among the large number of users.

Additional Information

Although we have focused on names as an identifier, an identity often needs to include much more information than a label. An identity minimally consists of as much information as it takes to make one member of the domain distinct from another. Additional information such as the groups one belongs to or other attributes might be necessary for a system to perform its work. In most cases, a system possesses its own conception of what an identity is.

As mentioned earlier in the chapter, it can be useful to be able to share an identity between systems or domains. This is a network identity. A network identity can be more convenient for its users and reduce the complexity of applications, which do not have to store and manage identities for themselves. However, in implementing network identities, it is important to partition the information that makes up an identity so that systems obtain only the information they require.
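One way to partition a network identity so that each system obtains only what it requires, shown as an added example that is not code from the book. The class `AttributeRelease`, the system names, the attribute names, and the sample identity are hypothetical and constructed for illustration; `zzyxx.com` is the example domain used above.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

// Added example: hypothetical identity provider with per-system attribute release.
public class AttributeRelease {
    // Constructed sample: everything the provider holds about one user.
    static final Map<String, String> IDENTITY = Map.of(
        "name", "jdoe",
        "email", "jdoe@zzyxx.com",
        "groups", "engineering,supervisors",
        "homeAddress", "1 Example Street");

    // Each relying system is registered with only the attributes it needs.
    static final Map<String, Set<String>> POLICY = Map.of(
        "chat-service", Set.of("name"),
        "timesheet-app", Set.of("name", "groups"));

    // Return the partition of the identity that the named system may see.
    static Map<String, String> release(String system, Set<String> requested) {
        // Default deny: a system with no registered policy receives nothing.
        Set<String> allowed = POLICY.getOrDefault(system, Set.of());
        Map<String, String> view = new TreeMap<>();
        for (String attr : requested) {
            // Release an attribute only if it was requested AND is permitted.
            if (allowed.contains(attr) && IDENTITY.containsKey(attr)) {
                view.put(attr, IDENTITY.get(attr));
            }
        }
        return view;
    }

    public static void main(String[] args) {
        Set<String> everything = IDENTITY.keySet();
        // Asking for everything does not widen what a system is given.
        System.out.println("chat-service:      " + release("chat-service", everything));
        System.out.println("timesheet-app:     "
            + release("timesheet-app", Set.of("name", "groups", "email")));
        System.out.println("unregistered-peer: " + release("unregistered-peer", everything));
    }
}
```

The filter runs at the provider, so a system that over-requests attributes still receives only its registered subset.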



Java P2P Unleashed
Year: 2002
Pages: 209