首页 | 本学科首页   官方微博 | 高级检索  
     


Providing EAP-based Kerberos pre-authentication and advanced authorization for network federations
Authors:Rafael Marí  n-Ló  pezAuthor Vitae,Fernando Pereñ  í  guez Author VitaeGabriel Ló  pez Author Vitae,Alejandro Pé  rez-Mé  ndez Author Vitae
Affiliation:
  • Dept. Information and Communications Engineering (DIIC), University of Murcia, 30100, Spain
  • Abstract:Kerberos is a well-known standard protocol which is becoming one of the most widely deployed for authentication and key distribution in application services. However, whereas service providers use the protocol to control their own subscribers, they do not widely deploy Kerberos infrastructures to handle subscribers coming from foreign domains, as happens in network federations. Instead, the deployment of Authentication, Authorization and Accounting (AAA) infrastructures has been preferred for that operation. Thus, the lack of a correct integration between these infrastructures and Kerberos limits the service access only to service provider's subscribers. To avoid this limitation, we design an architecture which integrates a Kerberos pre-authentication mechanism, based on the use of the Extensible Authentication Protocol (EAP), and advanced authorization, based on the standards SAML and XACML, to link the end user authentication and authorization performed through an AAA infrastructure with the delivery of Kerberos tickets in the service provider's domain. We detail the interfaces, protocols, operation and extensions required for our solution. Moreover, we discuss important aspects such as the implications on existing standards.
    Keywords:AAA   Authentication   Authorization   EAP   Kerberos   SAML   XACML
    本文献已被 ScienceDirect 等数据库收录!
    设为首页 | 免责声明 | 关于勤云 | 加入收藏

    Copyright©北京勤云科技发展有限公司  京ICP备09084417号