Authentication and authorization infrastructures (AAIs): A comparative survey

Computers and Security

Volumn 23, Issue 7, 2004, Pages 578-590

  Lopez, Javier ^a   Oppliger, Rolf ^b   Pernul, Günther ^c  

^a UNIVERSITY OF MÁLAGA   (Spain)

^b eSecurity Technologies Rolf Oppliger   (Switzerland)

^c UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

.Net passport; Attribute certificates; Authentication and authorization infrastructure; Identity management; Kerberos; Public key certificates

Indexed keywords

APPROXIMATION THEORY; ELECTRONIC COMMERCE; INTERNET; PROBABILITY; PROJECT MANAGEMENT; RISK ASSESSMENT;

ATTRIBUTE CERTIFICATES; AUTHENTICATION AND AUTHORIZATION INFRASTRUCTURE; IDENTITY MANAGEMENT; KERBEROS; PUBLIC KEY CERTIFICATES;

COMPUTER SYSTEMS;

EID: 8344266879     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2004.06.013     Document Type: Article

References (44)

1. Abadi M. On SDSI's linked local name spaces. In: Proceedings of 10th IEEE computer security foundations workshop; June 1997. p. 98-108.
2. Adams C, Lloyd S. Understanding public-key infrastructure: concepts, standards and deployment considerations. New Riders; 1999.
3. Ashley P, Vandenwauver M. Practical Intranet security-overview of the state of the art and available technologies. Norwell, MA: Kluwer Academic Publishers; 1999.
4. Biskup J, Brüggemann HH. The personal model of data: towards a privacy-oriented information system. Computers and Security 1988;7.
5. Bell DE, LaPadula U. Secure computer system: unified exposition and multics interpretation. Technical Report MTR-2997. MITRE Corp. Bedford, Mass; 1976.
6. Bellovin SM, Merritt M. Limitations of the Kerberos authentication system. ACM Computer Communication Review 1990;20:119-32.
7. Brewer DFC, Nash MJ. The Chinese wall security policy. Proceedings of the IEEE Symposium on Research in Security and Privacy 1989.
8. Clark DD, Wilson DR. A comparison of commercial and military computer security policies. Proceedings of the IEEE Symposium on Research in Security and Privacy 1987.
9. Dawson E, Lopez J, Montenegro A, Okamoto E. A new design of privilege management infrastructure for organizations using outsourced PKI. In: Fifth international conference on information security (ISC'02). Lecture notes in computer science, vol. 2433. Springer-Verlag; September 2002. p. 136-49.
10. Denning DE, Sacco G. Timestamps in key distribution protocols. Communications of the ACM 1981;24:533-6.
11. Diffie W, Hellman M. New directions in cryptography. IEEE Transactions on Information Theory 1976;IT-22(6):644-54.
12. Ellison C. Establishing identity without certification authorities. Proceedings of USENIX Security Symposium; 1996.
13. Ellison C. SPKI requirements. Request for Comments 2692, Network Working Group, Internet Engineering Task Force; September 1999.
14. Ellison C, Frantz B, Lampson B, Rivest R, Thomas B, Ylonen T. SPKI certificate theory. Request for Comments 2693, Network Working Group, Internet Engineering Task Force; September 1999.
15. Farrell S, Housley R. An Internet attribute certificate profile for authorization. Request for Comments 3281, Network Working Group, Internet Engineering Task Force; April 2002.
16. Feigenbaum J. Towards an infrastructure for authorization, Position article. In: Proceedings of USENIX workshop on electronic commerce-invited talks supplement; 1998. p. 15-9.
17. Ferraiolo D, Kuhn R, Chandramouli R. Role-based access controls. Norwood, MA: Artech House Publishers, in press.
18. Geer D. Risk management is where the money is. Digital Commerce Society of Boston; November 1998. 〈http:// catless.ncl.ac.uk/Risks/20.06. html#subj1〉.
19. Graham GS, Denning PJ. Protection principles and practices. In: Proceedings of the AFIPS spring joint computer conference; 1972. p. 417-29.
20. Harrison MA, Ruzo WL, Ullman JD. Protection in operating systems. Communications of the ACM. August 1976;19(8).
21. Housley R, Ford W, Polk W, Solo D. Internet X.509.public key infrastructure certificate and CRL profile. Request for Comments 2459, Network Working Group, Internet Engineering Task Force; January 1999.
22. Hwang J, Wu K, Liu D. Access control with role attribute certificates. Computer Standards and Interfaces March 2000;22:43-53.
23. ITU-T Recommendation X.509. Information technology. Open systems interconnection. The directory: authentication framework; June 1997.
24. ITU-T Recommendation X.509. Information technology. Open systems interconnection. The directory: public-key and attribute certificate frameworks; March 2000.
25. Kohl J, Neuman C. The Kerberos network authentication service (V5). Request for Comments 1510, Network Working Group, Internet Engineering Task Force; September 1993.
26. Kormann DP, Rubin AD. Risks of the passport single signon protocol. Computer Networks 2000;33:51-8.
27. Lampson BW. Protection. In: Proceedings of Princton conference on information and systems sciences; March 1971.
28. Microsoft. .NET Passport: balanced authentication solutions; December 2002.
29. Microsoft. Microsoft .NET Passport review guide; March 2003.
30. Nash A, Duane W, Joseph C, Brink D. PKI: implementing and managing e-security. McGraw-Hill; 2001.
31. NIST. Federal public key infrastructure technical specifications. Part A: requirements. Public Key Infrastructure Working Group, National Institute of Standards and Technology; January 1996.
32. Needham RM, Schroeder MD. Using encryption for authentication in large networks of computers. Communications of the ACM December 1978;21:993-9.
33. Needham RM, Schroeder MD. Authentication revisited. ACM Operating Systems Review 1987;21:7.
34. Oppliger R. Authentication systems for secure networks. Norwood, MA: Artech House; 1996.
35. Oppliger R. Security technologies for the world wide web. 2nd ed. Norwood, MA: Artech House Publishers; 2002.
36. Oppliger R. Microsoft .NET Passport: a security analysis. IEEE Computer July 2003;36(7):29-35.
37. Oppliger R, Pernul G, Strauss Ch. Using attribute certificates to implement role-based authorization and access control. In: Proceedings of the 4. Fachtagung Sicherheit in Informations-systemen (SIS 2000); October 2000. p. 169-84.
38. Pernul G. Information systems security: scope, state-of-the-art, and evaluation of techniques. International Journal of Information Management 1995;15(3):242-56.
39. Rivest RL, Lampson B., SDSI - a simple distributed security infrastructure; April 1996.
40. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access control models. IEEE Computer 1996;29(2):38-47.
41. Schiller JI. Secure distributed computing. Scientific American November 1994:72-6.
42. Shirey R. Internet security glossary. Request for Comments 2828, Network Working Group, Internet Engineering Task Force; May 2000.
43. Steiner JG, Neuman BC, Schiller JI. Kerberos: an authentication service for open network systems Position article Proceedings of the USENIX UNIX Security Symposium; August 1988.
44. Tung B. Kerberos: a network authentication system. Reading, MA: Addison-Wesley; 1999.