Kerberized credential translation: Olution to web access control

Proceedings of the 10th USENIX Security Symposium

Volumn , Issue , 2001, Pages

  Kornievskaia, Olga ^a   Honeyman, Peter ^a   Doster, Bill ^a   Coffman, Kevin ^a  

^a UNIVERSITY OF MICHIGAN   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; INTEROPERABILITY; WEB SERVICES;

CHALLENGE-RESPONSE-AUTHENTICATION; NETWORK AUTHENTICATION; PERFORMANCE MEASUREMENTS; SINGLE SIGN ON; STRONG AUTHENTICATION; WEB APPLICATION; WEB SERVERS; WINDOWS 2000;

INTERNET PROTOCOLS;

EID: 85084164300     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (30)

1. Apache Software Foundation. Apache web server, http://www.pache.org.
2. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis. The Key Note trust managment system version 2, September 1999. RFC 2704.
3. M. Blaze, J. Feigenbaum, and A. Keromytis Keynote: Trust management for public-key infrastructure. In Proceedings Cambridge 1998 Security Protocols International Workshop, 1998.
4. M. Blaze, J. Feigenbaum, and M. Strauss. Compliance checking in the PolicyMaker trust management system. In Proceedings of Second International Conference on Financial Cryptography, 1998.
5. D. Clarke, J. Elien, C. Ellison, F. Morcos and R. Rivest. Certificate chain discovery i / SDS. Draft aper, November 1999.
6. T. Dierks and C. Allen. The TLS protocol ver sion 1.0, January 1999. RFC 2246.
7. W. Dime and M. Hellman. New directions in cryptography. IEEE Transaction on Information Theory, 22:644-654, November 1976.
8. W. Doster, M. Watts, and D. Hyde. The KX.509 protocol. C Technical Report 012, February 2001.
9. Dousti. Project Minotaur: Kerberizing the Web, software at Carnegie Mellon University. http://andrew2.andrew.cmu.edu/minotaur.
10. C. Ellison, B. Frantz, B. Lampson, R. Rivest B. Thomas, and T. Ylonen. SPKI certificate theory, September 1999. RFC 2693.
11. ITU-T (formerly CCTT) Information technology Open Systems Interconnection. Recommendation X.509: The directory authentication framework, December 1988.
12. A. Freier, P. Karton, and P. Kocher. Secure Socket Layer 3.0, March 1996. nternet draft
13. A. Freier, P. Karton, and P. Kocher. The SSL protocol version 3.0, March 1996. Netscape Communications Corporation.
14. M. Hur and A. Medvinsky. Kerberos cipher suites in Transport Layer Security (TLS), May 2001. nternet draft
15. K. Jackson, S. Tuecke, and D. Engert. TLS delegation protocol February 2001. Internet draft
16. Microsoft Security Bulletin MS01-017. Erroneous VeriSign-issued digital certificates pose spoofing hazard, March 2001.
17. R. Needham and M. Shroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993-999, December 1978.
18. C. Neuman. Proxy-based authorization and accounting for distributed systems. In Proceedings of the 13th International Conference on Distributing Computing Systems, May 1993.
19. C. Neuman and T. Tso. Kerberos: an authentication service for computer networks. IEEE Communications 32(9):33-38, September 1994.
20. SideCar project. Software at Cornell University. http://www.it.rnelledu/erberos/sidecar.html
21. R. Rivest and B. Lampson. SDSI - A simple distributed security infrastructure. resented at CRYTO'96 Rump session, 1996.
22. R. Rivest, A. Shamir, and L. Adleman. A method of obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21:120-126, February 1978.
23. T. Ryutov and C. Neuman. Representation and evaluation of security policies for distributed system services In Proceedings of the DISCEX, January 2000.
24. M. Sirbu and J. Chuang. Distributed authentication in Kerberos using public key cryptogra phy. In Symposium On Network and Distributed System Security, 1997.
25. D. Song. Kerberized www access http://www.monkey.org/~dugsong/krb-www
26. V. Staats. Kerberized TLS, June 2000. rivate communication.
27. Stone Cold Software. Apache Kerberos Module. http://stonecold.unity.ncsu.edu
28. M. Thompson, W. Johnson, S. Mudumbai G. Hoo, K. Jackson, and A. Essiari. Certificate based access control for widely distributed resources. In Proceedings of the 8th USENIX Security Symposium, August 1999.
29. S. Tueke, D. Engert, and M. Thompson. Internet X.509 public key infrastructure impersonation certificate profile, February 2001. nternet draft
30. B. Tung, C. Neuman, and J. Wray. Public key cryptography for initial authentication in Ker beros, April 2000. nternet draft