

Store
Devices Microsoft Surface PCs & tablets Xbox Virtual reality Accessories Windows
phone Microsoft Band Software Office Windows Additional software Apps All apps
Windows apps Windows phone apps Games Xbox One games Xbox 360 games PC
games Windows games Windows phone games Entertainment All Entertainment
Movies & TV Music Business & Education Business Store Education Store Developer
Sale Back-to-school essentials Sale Products
Software & services Windows Office Free downloads & security Internet Explorer
Microsoft Edge Skype OneNote OneDrive Microsoft Health MSN Bing Microsoft
Groove Microsoft Movies & TV Devices & Xbox All Microsoft devices Microsoft
Surface All Windows PCs & tablets PC accessories Xbox & games Microsoft Band
Microsoft Lumia All Windows phones Microsoft HoloLens For business Cloud
Platform Microsoft Azure Microsoft Dynamics Windows for business Office for
business Skype for business Surface for business Enterprise solutions Small business
solutions Find a solutions provider Volume Licensing For developers & IT pros
Develop Windows apps Microsoft Azure MSDN TechNet Visual Studio For students
& educators Office for students OneNote in classroom Shop PCs & tablets perfect
for students Microsoft in Education Support
Sign in


Research Research
o Research Home
o Research areas
 Algorithms
 Artificial intelligence and machine learning
 Computer systems and networking
 Computer vision
 Data visualization, analytics, and platform
 Ecology and environment
 Economics
 Graphics and multimedia
 Hardware, devices, and quantum computing
 Human-centered computing
 Mathematics







o
o
o
o
o



Medical, health, and genomics
Natural language processing and speech
Programming languages and software engineering
Search and information retrieval
Security, privacy, and cryptography
Social Sciences
Technology for emerging markets
Products & Downloads
Programs & Events
 Academic Programs
 Events & Conferences
People
Careers
About
 About
 Microsoft Research blog
 Asia Lab
 Cambridge Lab
 India Lab
 New England Lab
 New York City Lab
 Redmond Lab
 Applied Sciences Lab
Research areas
o Algorithms
o Artificial intelligence and machine learning
o Computer systems and networking
o Computer vision
o Data visualization, analytics, and platform
o Ecology and environment
o Economics
o Graphics and multimedia
o Hardware, devices, and quantum computing
o Human-centered computing
o Mathematics
o Medical, health, and genomics
o Natural language processing and speech
o Programming languages and software engineering
o Search and information retrieval
o Security, privacy, and cryptography
o Social Sciences
o Technology for emerging markets
Products & Downloads
Programs & Events
o Academic Programs
o



Events & Conferences
People
Careers
About
o About
o Microsoft Research blog
o Asia Lab
o Cambridge Lab
o India Lab
o New England Lab
o New York City Lab
o Redmond Lab
o Applied Sciences Lab
A Global Authentication Service without
Global Trust
April 1, 1986

Download PDF

Download PDF

BibTex
Authors

Andrew Birrell

Butler Lampson

Roger Needham

Mike Schroeder
Published In

IEEE Symposium on Security and Privacy
Publication Type
Inproceedings
Book Title
IEEE Symposium on Security and Privacy
Publisher
Institute of Electrical and Electronics Engineers, Inc.
© 1986 IEEE. Personal use of this material is permitted. However, permission to
reprint/republish this material for advertising or promotional purposes or for creating new
collective works for resale or redistribution to servers or lists, or to reuse any copyrighted
component of this work in other works must be obtained from the IEEE.

Abstract

Related Info
Abstract
This paper describes a design for an authentication service for a very large scale, very long
lifetime, distributed system. The paper introduces a methodology for describing authentication
protocols that makes explicit the trust relationships amongst the participants. The authentication
protocol is based on the primitive notion of composition of secure channels. The authentication
model offered provides for the authentication of “roles”, where a principal might exercise
differing roles at differing times, whilst having only a single “identity”. Roles are suitable for
inclusion in access control lists. The naming of a role implies what entities are being trusted to
authenticate the role. We provide a UID scheme that gives clients control over the time at which
a name gets bound to a principal, thus controlling the effects of mutability of the name space.
Related Info
Related Files
 word.doc
Research Areas
 Computer systems and networking
Research Labs
 Microsoft Research Lab - Redmond
Follow Microsoft Research


Follow @MSFTResearch

Share this page


Tweet

Learn

Windows

Office

Skype

Outlook

OneDrive

MSN
Devices

Microsoft Surface

Xbox

PC and laptops

Microsoft Lumia

Microsoft Band

Microsoft HoloLens
Microsoft Store

View account

Order tracking

Retail store locations

Returns

Sales & support
Downloads

Download Center

Windows downloads

Windows 10 Apps

Office Apps

Microsoft Lumia Apps

Internet Explorer
Values

Diversity and inclusion

Accessibility

Environment

Microsoft Philanthropies

Corporate Social Responsibility

Privacy at Microsoft
Company

Careers

About Microsoft

Company news

Investors

Research

Site map

English (United States)

Contact us

Privacy & cookies

Terms of use

Trademarks

About our ads

© 2016 Microsoft
​