Callback Authorization

The use of Callback Authorization (context: communications security) is a mechanism to verify intent-to-act. It is useful when one agent requests an action of a second agent to be performed (for / in the name of / under the authority of) a third agent. While strong capability security can be obtained without this verification (e.g. via use of signed permits and certificates), the use of Callback Authorization makes possible the revocation of authority to act at any time. Further, it can only strengthen existing security mechanisms (e.g. it could easily be used in addition to permits).

By analogy, consider a constable carrying a search warrant or subpoena to your place of business. Wielding this search warrant, the officer will request (with all the force of a demand) that you provide records or allow them to examine the premises. The officer is requesting this action of you in the name of the state. You respect the authority of the state, but not this agent in particular (`ware! even if you did respect the agent, that way lies the confused sheriff problem. This action is in the name of the state, and ought to be handled as such even if the constable owns the company!). The subpoena or search warrant, the badge and dress... all represent, to you, that the constable possesses the necessary authority to motivate your action. In this situation, the first agent is the officer, the second is you (or your business), and the third is the state; the analogous 'Callback Authorization' would be to call the police office with the badge number and visual identity to determine that the officer isn't an impostor, and to call the commissioner to determine whether the subpoena is a forgery or has since been revoked. In real life, of course, such behavior would often be considered anal, annoying, and borderline paranoid... but also not entirely beyond reason (especially if you've faced complex espionage or social hacks before).

The cost of a Callback Authorization is not insignificant. It requires at least two additional communications actions (one to send a message to the third party, one to receive a response). For time-sensitive tasks in the presence of slow networks, disruption, or delay, this additional cost is intolerable. Because of this, for time-sensitive tasks at least, Callback Authorization ought to be rejected as a security mechanism in the presence of disruption or delay-tolerant networks. It can, however, still be profitably utilized as a secondary security mechanism, e.g. as a form of auditing to help establish network trust between agents. Such use would provide a social force among agents to ensure that they are 'honest' in their presentation.


What is meant by Callback Authorization:

Verification that a transaction has occurred between two parties resulting in agreement of Terms And Conditions which result in the authorization of a third party to complete an enabling, supporting transaction.

Or more generally: A Party receives request from second party to perform action for third party (third party may or may not be second party). Party verifies request by using its own method of contacting third party to determine whether the request is valid. - Joshua


In Java: A runtime customized module used to secure applications:

You can implement a callback by extending javax.security.auth.callback.CallBackHandler.by setting the property vbroker.security.authentication.callbackHandler= in the security property file. This is done just like any other callback handler. During runtime, this new customized module is loaded by the secured application.


At first I mistook this topic for the technique of having a bot call your telephone to verify an online transaction. This reduces the chance of bogus transactions because it would require the hacker to leave a phone trail, and possibly add area-code-based limiting.


Mentioned at: Twice And Only Twice


For the general topic of Callback see Observer Pattern.


See original on c2.com