An Authentication and Authorization Infrastructure: the PAPI System

  • Slides: 10

Index
• An approximation to the solution
• PAPI Architecture
• JAVA – JWS
• Possible Scenarios
• Future works

Approximation: Working with E-Certificates

Advantages:
• Temporal access to authorized services
• Allow mobile users
• Authentication adapted to user organizations
• Technology implemented in main web servers

Problems:
• Not transparent
• Password in browser
• Choose the right certificate
• Web servers not adapted for this technology
• Allow copy of valid certificates

[Diagram labels: Authentication Server; Authentication data; Temporal E-certificates; Web browser; E-certificate S1, E-certificate S2, E-certificate S3; HTTP request + E-certificate S1; Web page; Web Server S1; HTTP request + E-certificate S2; Web page; DB; Web Server S2]

Approximation: Partial Solutions
• Not transparent -> encrypted cookies
• Web servers not adapted -> Points of Access

Advantages:
• Temporal access to authorized services
• Allow mobile users
• Authentication adapted to user organizations
• Control access adapted to web servers of information providers
• Transparent for the user

Problems:
• Domain problems in cookies
• Allow copy of valid cookies

[Diagram labels: Authentication Server; Authentication data; Temporal Encrypt-cookies; Web browser; Encry-cookie S1, Encry-cookie S2, Encry-cookie S3; HTTP request + Encry-cookie S1; Web page; Point of Access; HTTP request; Web page; Web Server S1]

Approximation: Partial Solutions
• Domain problems in cookies -> Cookies served by PAs

[Diagram labels: Authentication Server; Authentication data; Temporal Signed-URLs; Web browser; Signed-URL; Encry-cookie; Point of Access; Encry-cookie S1, Encry-cookie S2, Encry-cookie S3; Signed-URL; Encry-cookie; Point of Access]

Approximation: Partial Solutions
• Copy of valid cookies -> Database of cookies, short time expiration

[Diagram labels: Web Browser 1; HTTP request + Encry-cookie S1; Web page + New Enc-cook S1; Point of Access; DB of Enc-cookie; New Encry-cookie; Enc-cook. S1; HTTP request; Web page; Web Server S1; Web Browser 2; Encry-cookie S1; HTTP request + Encry-cookie S1; Collision]

Architecture of PAPI system
• URL: K_priv SA (user code + server + path + Exp. Time + sign time)
• Hcook 1: K1_PA (user code + server + path + Exp. Time + Random Block)
• Lcook: K2_PA (server + path + creation time)

[Diagram labels: Authentication Server; Authentication data; Temporal Signed-URLs; Web browser; Encry-cookies; HTTP request + Hcook+Lcook; Web page + New Hcook+Lcook; Point of Access; DB of Hcook; HTTP request; Web page; Web Server S1]

JWS – JAVA compatibility

[Diagram labels: Authentication Server; User Credentials; Signed URL; Access point; cookieLoader.jnlp; Web browser; Encry-cookie S1, Encry-cookie S2; Signed URL; Encry-cookie; HTTPClass; Encry-cookie; Access Point]

Scenarios

[Diagram labels: Authentication Server; Point of Access; Web browser; Point of Access; Authentication Server; Point of Access; Web Server]

Future works
• Enhance PAPI compatibility with other technologies
  ◦ A-Select
  ◦ Shibboleth
  ◦ Athens
• Include new type of clients
  ◦ WIFI access
  ◦ Kerberos
  ◦ VPNs
• Improve the administration tools