Designing an Authentication System:
a Dialogue in Four Scenes
Copyright 1988, 1997 Massachusetts Institute of Technology. All Rights Reserved.
Originally written by Bill Bryant, February 1988.
Cleaned up and converted to HTML by Theodore Ts’o, February, 1997. An afterword describing the changes in Version 5 of the Kerberos protocol was also added.
Abstract
This dialogue provides a fictitious account of the design of an open-network authentication system called "Charon." As the dialogue progresses, the characters Athena and Euripides discover the problems of security inherent in an open network environment. Each problem must be addressed in the design of Charon, and the design evolves accordingly. Athena and Euripides don’t complete their work until the dialogue’s close.
When they finish designing the system, Athena changes the system’s name to "Kerberos," the name, coincidentally enough, of the authentication system that was designed and implemented at MIT’s Project Athena. The dialogue’s "Kerberos" system bears a striking resemblance to the system described in Kerberos: An Authentication Service for Open Network Systems presented at the Winter USENIX 1988, at Dallas, Texas.
Dramatis Personae
| Athena | an up and coming system developer. |
| Euripides | a seasoned developer and resident crank. |
Scene I
A cubicle area. Athena and Euripides are working at neighboring terminals.