Kerberized Credential Translation: A Solution to Web Access Control
dc.contributor.author | Kornievskaia, Olga | en_US |
dc.contributor.author | Honeyman, Peter | en_US |
dc.contributor.author | Doster, Bill | en_US |
dc.contributor.author | Coffman, Kevin | en_US |
dc.date.accessioned | 2014-07-18T18:11:50Z | |
dc.date.available | 2014-07-18T18:11:50Z | |
dc.date.issued | 2001-02-12 | en_US |
dc.identifier.citation | Olga Kornievskaia, Peter Honeyman, Bill Doster, and Kevin Coffman, "Kerberized Credential Translation: A Solution to Web Access Control," February 2001. [USENIX Security Symposium, Washington, D.C. (August 2001)] <http://hdl.handle.net/2027.42/107891> | en_US |
dc.identifier.uri | https://hdl.handle.net/2027.42/107891 | |
dc.description.abstract | Kerberos, a widely used network authentication mechanism, is integrated into numerous applications, UNIX and Windows 2000 login, AFS, Telnet, and SSH to name a few. Yet, Web applications rely on SSL to achieve authenticated and secure connections. SSL provides strong authentication by using certificates and public key challenge response authentication. The expansion of the Internet requires each system to leverage the strength of the other, which suggests the necessity of interoperability between them. This paper describes the design, implementation and performance of a system that provides controlled access to Kerberized services through a browser. This system provides a single sign-on through Kerberos, which produces both Kerberos and public key credentials. The Web server uses a plugin that translates user's public key credentials to Kerberos credentials. The Web server's subsequent authenticated actions taken on a user's behalf are limited in time and scope. Performance measurements show how the overhead introduced by credentialed translation is amortized over the login session. | en_US |
dc.publisher | Center for Information Technology Integration | en_US |
dc.title | Kerberized Credential Translation: A Solution to Web Access Control | en_US |
dc.type | Technical Report | en_US |
dc.subject.hlbsecondlevel | Computer Science | en_US |
dc.subject.hlbtoplevel | Engineering | en_US |
dc.contributor.affiliationum | Center for Information Technology Integration | en_US |
dc.description.bitstreamurl | http://deepblue.lib.umich.edu/bitstream/2027.42/107891/1/citi-tr-01-5.pdf | |
dc.owningcollname | Electrical Engineering and Computer Science, Department of (EECS) |
Files in this item
Remediation of Harmful Language
The University of Michigan Library aims to describe library materials in a way that respects the people and communities who create, use, and are represented in our collections. Report harmful or offensive language in catalog records, finding aids, or elsewhere in our collections anonymously through our metadata feedback form. More information at Remediation of Harmful Language.
Accessibility
If you are unable to use this file in its current format, please select the Contact Us link and we can modify it to make it more accessible to you.