Web Authentication
• Need to authenticate to multiple web-based services
• Need to do this with both U-M and external web-based services
• Need to be able to use off the shelf browsers
• Want passwords to be more secure
CSG • Tucson • Feb 2000 • Slide 1

Kerberos-X.509 Project
• Start with, and enhance, MIT’s PKI-Kerberos work, which creates certificates based on Kerberos authentication …
• We build on existing U-M identity and authentication services

UM Enhancements
• MIT design generated certificate with user interaction
• MIT design required sending password to the certificate server once per session
• MIT design worked only with Netscape Navigator
• U-M obtains certificate without user action at Kerberos login
• U-M generates certificate without sending password to certificate server
• U-M works with Internet Explorer 5 (Win-32)

Implementation Steps
• Make MIT certificate service code work in U-M environment
• Make certificate generation automatic at Kerberos log in, and certificate installation invisible to the user
• Make the capability cross-platform

Description
• Use short-term certificates (“Junk Keys”)
• Obtain certificates securely from CA (Kerberized CA server)
• For Authentication ONLY! Not for encrypting; not for signing

Why “Junk Keys”?
• Revocation becomes a non-issue
• Private Key storage is less problematic
• Public Key sharing is not necessary

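An added Go example, not part of the original slides or the project's code, of how a relying web server could enforce the “junk key” properties listed above: a short lifetime (so revocation is a non-issue) and authentication-only use. The function names, the 12-hour lifetime cap, the choice to expire the certificate with the Kerberos ticket, the `uniqname` subject and the self-signed stand-in for the Kerberized CA are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// IssueJunkCert stands in for the Kerberized CA (self-signed, constructed for this example).
func IssueJunkCert(user string, now, ticketEnd time.Time, ku x509.KeyUsage) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: user},
		NotBefore: now, NotAfter: ticketEnd, KeyUsage: ku, // expires with the Kerberos ticket (assumption)
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckJunkCert is a relying-party policy: short-lived, currently valid, authentication only.
func CheckJunkCert(c *x509.Certificate, now time.Time, maxLife time.Duration) error {
	switch {
	case c.NotAfter.Sub(c.NotBefore) > maxLife:
		return fmt.Errorf("lifetime exceeds %v, revocation would matter again", maxLife)
	case now.Before(c.NotBefore) || now.After(c.NotAfter):
		return fmt.Errorf("outside validity window")
	case c.KeyUsage != x509.KeyUsageDigitalSignature: // the one bit TLS client auth needs
		return fmt.Errorf("key usage allows more than authentication")
	case len(c.ExtKeyUsage) != 1 || c.ExtKeyUsage[0] != x509.ExtKeyUsageClientAuth:
		return fmt.Errorf("extended key usage is not clientAuth only")
	}
	return nil
}

func main() {
	now := time.Now()
	if c, err := IssueJunkCert("uniqname", now, now.Add(10*time.Hour), x509.KeyUsageDigitalSignature); err == nil {
		fmt.Println("policy result:", CheckJunkCert(c, now, 12*time.Hour))
	}
}
```

A real deployment would also verify the certificate chain against the CA's root before applying this policy; the check here covers only the lifetime and usage restrictions.
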
Status • Feb/00
WORKING NOW:
• Kerberos authentication to CA
• No user interaction
• IE 5 & Netscape Navigator on Win-32
WORKING SOON:
• Netscape Navigator on Macintosh
• In-house pilot during March 2000