An Authentication and Authorization Infrastructure: the PAPI System.

Presentation transcript:

An Authentication and Authorization Infrastructure: the PAPI System

Index
- An approximation to the solution
- PAPI Architecture
- JAVA – JWS
- Possible Scenarios
- Future works

Approximation: Working with E-Certificates
[Diagram: the web browser sends its authentication data to the Authentication Server and receives temporal e-certificates, one per web server (E-certificate S1, S2, S3). Each HTTP request to Web Server S1 or Web Server S2 carries the matching e-certificate and the server returns the web page.]
Problems:
- Not transparent
- Password in browser DB
- Choose the right certificate
- Web servers not adapted for this technology
- Allow copy of valid certificates
Advantages:
- Temporal access to authorized services
- Allow mobile users
- Authentication adapted to user organizations
- Technology implemented in main web servers

Approximation: Partial Solutions
- Not transparent -> encrypted cookies
- Web servers not adapted -> Points of Access
[Diagram: the web browser sends its authentication data to the Authentication Server and receives temporal encrypted cookies (Encry-cookie S1, S2, S3). An HTTP request + Encry-cookie S1 goes to the Point of Access, which forwards the HTTP request to Web Server S1 and returns the web page.]
Problems:
- Domain problems in cookies
- Allow copy of valid cookies
Advantages:
- Temporal access to authorized services
- Allow mobile users
- Authentication adapted to user organizations
- Access control adapted to the web servers of information providers
- Transparent for the user

Approximation: Partial Solutions
- Domain problems in cookies -> Cookies served by PAs
[Diagram: the web browser sends its authentication data to the Authentication Server and receives temporal signed URLs instead of the encrypted cookies (Encry-cookie S1, S2, S3). Each signed URL is presented to the corresponding Point of Access, which answers with the encrypted cookie for its own domain.]

Approximation: Partial Solutions
- Copy of valid cookies -> Database of cookies, short time expiration
[Diagram: Web Browser 1 and Web Browser 2 both hold Encry-cookie S1. Web Browser 1 sends an HTTP request + Encry-cookie S1 to the Point of Access, which forwards the HTTP request to Web Server S1, records the cookie in its DB of Enc-cookie and returns the web page + New Enc-cook S1. When Web Browser 2 later sends an HTTP request + the old Encry-cookie S1, the Point of Access detects a collision.]

Architecture of PAPI system
[Diagram: the web browser sends its authentication data to the Authentication Server and receives encrypted cookies or temporal signed URLs. An HTTP request + Hcook + Lcook goes to the Point of Access, which forwards the HTTP request to Web Server S1, checks Hcook against its DB of Hcook and returns the web page + New Hcook + Lcook.]
- URL: K_priv SA (user code + server + path + Exp. Time + sign time)
- Hcook1: K1_PA (user code + server + path + Exp. Time + Random Block)
- Lcook: K2_PA (server + path + creation time)
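The cookie rotation and collision detection shown on the copied-cookie slide and the token layout of the architecture slide, as an added Python example; it is not part of the presentation or of the PAPI software. It assumes HMAC-SHA256 tags as stand-ins for the Authentication Server's private-key signature on the URL and for the Point of Access's K1/K2 cookie encryption, constructed demo keys, integer timestamps, and a hypothetical PointOfAccess class; revoking all of a user's cookies after a collision is a defensive choice made here, not a step the slides state.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo keys. On the slides the Authentication Server (SA) signs
# URLs with its private key and the Point of Access (PA) encrypts cookies
# with K1_PA / K2_PA; HMAC-SHA256 tags stand in for both here (assumption:
# the real PAPI formats and algorithms are not given on the page).
SA_KEY = b"demo-authentication-server-key"  # stand-in for K_priv SA
PA_K1 = b"demo-point-of-access-key-1"       # stand-in for K1_PA (Hcook)
PA_K2 = b"demo-point-of-access-key-2"       # stand-in for K2_PA (Lcook)


def _pack(key: bytes, fields: dict) -> str:
    """Serialise fields and append a tag: '<urlsafe-base64 body>.<hex tag>'."""
    body = base64.urlsafe_b64encode(
        json.dumps(fields, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def _unpack(key: bytes, token: str):
    """Verify the tag and return the fields, or None if the token is invalid."""
    body, sep, tag = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # bad base64 or bad JSON
        return None


def sign_url(user_code: str, server: str, path: str,
             exp_time: int, sign_time: int) -> str:
    """Authentication Server: temporal signed URL for one PA
    (slide: K_priv SA(user code + server + path + Exp. Time + sign time))."""
    return _pack(SA_KEY, {"user": user_code, "server": server, "path": path,
                          "exp": exp_time, "signed": sign_time})


class PointOfAccess:
    """Hypothetical PA: redeems signed URLs, rotates Hcook on every request
    and detects a replayed (copied) Hcook via its DB of Hcook."""

    def __init__(self, server: str, path: str, hcook_lifetime: int):
        self.server = server
        self.path = path
        self.hcook_lifetime = hcook_lifetime
        self.hcook_db = {}    # random block -> user code: the "DB of Hcook"
        self.revoked = set()  # users whose Hcook was seen replayed

    def _issue(self, user_code: str, now: int):
        """Mint a single-use, short-lived Hcook (K1) and an Lcook (K2)."""
        random_block = secrets.token_hex(8)
        self.hcook_db[random_block] = user_code
        hcook = _pack(PA_K1, {"user": user_code, "server": self.server,
                              "path": self.path,
                              "exp": now + self.hcook_lifetime,
                              "rnd": random_block})
        lcook = _pack(PA_K2, {"server": self.server, "path": self.path,
                              "created": now})
        return hcook, lcook

    def accept_signed_url(self, token: str, now: int):
        """Entry through a signed URL from the SA; returns (Hcook, Lcook) or None."""
        f = _unpack(SA_KEY, token)
        if f is None or f["server"] != self.server or f["path"] != self.path:
            return None
        if not f["signed"] <= now < f["exp"] or f["user"] in self.revoked:
            return None
        return self._issue(f["user"], now)

    def handle_request(self, hcook: str, lcook: str, now: int):
        """Check the cookies on an ordinary request.

        Returns ("ok", (new Hcook, Lcook)), ("denied", None), or
        ("collision", None) when an authentic but already-consumed Hcook is
        presented again, i.e. two browsers hold the same cookie.
        """
        h = _unpack(PA_K1, hcook)
        lc = _unpack(PA_K2, lcook)
        if h is None or lc is None:
            return "denied", None
        here = (self.server, self.path)
        if (h["server"], h["path"]) != here or (lc["server"], lc["path"]) != here:
            return "denied", None
        if now >= h["exp"] or h["user"] in self.revoked:
            self.hcook_db.pop(h["rnd"], None)  # expired entries are purged
            return "denied", None
        if self.hcook_db.pop(h["rnd"], None) is None:
            # Random block unknown: this Hcook was already exchanged for a new
            # one, so a copy is being replayed. Neither holder can be trusted,
            # so all of this user's outstanding cookies are revoked.
            self.revoked.add(h["user"])
            self.hcook_db = {r: u for r, u in self.hcook_db.items()
                             if u != h["user"]}
            return "collision", None
        return "ok", self._issue(h["user"], now)
```

A request that succeeds always returns a new Hcook, so a cookie copied out of a browser is only usable until the legitimate browser makes its next request; whichever copy arrives second is flagged as a collision.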

JWS – JAVA compatibility
[Diagram: the web browser sends the user credentials to the Authentication Server and receives encrypted cookies (Encry-cookie S1, S2) or signed URLs. A signed URL is presented to the Access Point, which serves cookieLoader.jnlp and the Encry-cookie; inside the Java Web Start application, HTTPClass presents the signed URL to the Access Point and obtains the Encry-cookie.]

Scenarios
[Diagram: deployment scenarios combining web browsers, authentication servers, points of access and web servers; only the element labels survive in the transcript.]

Future works
- Enhance PAPI compatibility with other technologies: A-Select, Shibboleth, Athens
- Include new types of clients: WIFI access, Kerberos, VPNs
- Improve the administration tools