A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
Certificate chain discovery in SPKI?SDSI
Journal of Computer Security
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Distributed Authentication in Kerberos Using Public Key Cryptography
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
Certificate-based access control for widely distributed resources
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Design of an Authentication Protocol for Gsm Javacards
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Authentication for Distributed Web Caches
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
A Practical Distributed Authorization System for GARA
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
A General and Flexible Access-Control System for the Web
Proceedings of the 11th USENIX Security Symposium
Authentication and access delegation with user-released certificates
Proceedings of the 2003 ACM symposium on Applied computing
Walden: A Scalable Solution for Grid Account Management
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
MARS: A Metascheduler for Distributed Resources in Campus Grids
GRID '04 Proceedings of the 5th IEEE/ACM International Workshop on Grid Computing
Mechanisms for increasing the usability of grid security
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
A multipurpose delegation proxy for WWW credentials
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Reducing the dependence of SPKI/SDSI on PKI
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Securing information gateways with derivation-constrained access control
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
| Hi-index | 0.00 |
Kerberos, a widely used network authentication mechanism, is integrated into numerous applications: UNIX and Windows 2000 login, AFS, Telnet, and SSH to name a few. Yet, Web applications rely on SSL to estabilish authenticated and secure connections. SSL Provides strong authentication by using certificates and public key challenge response authentication. The expansion of the Internet requires each system to leverage the strength of the other, which suggets the importance of interoperability between them. This paper descirbes the design, implentation, and performance of a system that provides controlled access to Kerberized services through a browser. This system provides a singole sign-on that produces both Kerberos and public key credentials. The Web server uses a plugin that translates public key credentials to Kerberos credentials. The Web server's subsequent authenticated actions taken on a user's behalf are limited in time and scope. Performance measurements show how the overhead introduced by credential trnslation is amortized over the login session.