An Authentication and Authorization Infrastructure: the PAPI System


Presentation Transcript


  1. An Authentication and Authorization Infrastructure: the PAPI System

  2. Index
     • An approximation to the solution
     • PAPI Architecture
     • JAVA – JWS
     • Possible Scenarios
     • Future works

  3. Approximation: Working with E-Certificates
     [Diagram: Web browser, Authentication Server, Web Server S1, Web Server S2. Labelled flows: Authentication data; Temporal E-certificates (E-certificate S1, S2, S3); HTTP request + E-certificate S1; Web page; HTTP request + E-certificate S2; Web page.]
     Advantages:
     • Temporal access to authorized services
     • Allows mobile users
     • Authentication adapted to user organizations
     • Technology implemented in main web servers
     Problems:
     • Not transparent
     • Password in browser DB
     • Choosing the right certificate
     • Web servers not adapted for this technology
     • Allows copying of valid certificates

  4. Approximation: Partial Solutions
     [Diagram: Web browser, Authentication Server, Point of Access, Web Server S1. Labelled flows: Authentication data; Temporal Encrypt-cookies (Encry-cookie S1, S2, S3); HTTP request + Encry-cookie S1; HTTP request; Web page.]
     Advantages:
     • Temporal access to authorized services
     • Allows mobile users
     • Authentication adapted to user organizations
     • Access control adapted to web servers of information providers
     • Transparent for the user
     Problems:
     • Domain problems in cookies
     • Allows copying of valid cookies
     • Web servers not adapted -> Points of Access
     • Not transparent -> encrypted cookies

  5. Approximation: Partial Solutions
     • Domain problems in cookies -> Cookies served by PAs
     [Diagram: Web browser, Authentication Server, two Points of Access. Labelled flows: Authentication data; Temporal Signed-URLs; Signed-URL; Encry-cookie (Encry-cookie S1, S2, S3).]

  6. Approximation: Partial Solutions
     • Copy of valid cookies ->
       • Database of cookies
       • Short time expiration
     [Diagram: Web Browser 1, Web Browser 2, Point of Access, DB of Enc-cookie, Web Server S1. Labelled flows: HTTP request + Encry-cookie S1; HTTP request; Web page; Web page + New Enc-cook S1; HTTP request + Encry-cookie S1; Collision.]

  7. Architecture of PAPI system
     • URL: K_priv SA (user code + server + path + Exp. Time + sign time)
     • Hcook1: K1_PA (user code + server + path + Exp. Time + Random Block)
     • Lcook: K2_PA (server + path + creation time)
     [Diagram: Web browser, Authentication Server, Point of Access, DB of Hcook, Web Server S1. Labelled flows: Authentication data; Temporal Signed-URLs; Encry-cookies; HTTP request + Hcook+Lcook; HTTP request; Web page; Web page + New Hcook+Lcook.]

  8. JWS – JAVA compatibility
     [Diagram: Web browser, Authentication Server, Access Points, cookieLoader.jnlp, HTTPClass. Labelled flows: User Credentials; Signed URLs; Signed URL; Encry-cookie (Encry-cookie S1, S2).]

  9. Scenarios
     [Diagram: a Web browser with several Authentication Servers, Points of Access and Web Servers.]

  10. Future works
     • Enhance PAPI compatibility with other technologies
       • A-Select
       • Shibboleth
       • Athens
     • Include new type of clients
       • WIFI access
       • Kerberos
       • VPNs
     • Improve the administration tools
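
The copy-detection scheme of slides 6 and 7 (an Hcook carrying a random block, replaced on every request and checked against the DB of Hcook), as an added example that is not PAPI's own code. It protects the cookie with an HMAC-SHA256 tag in place of the encryption under K1_PA that the slides specify; the class and function names, the 300-second lifetime and the revoke-on-collision policy are assumptions.

```python
import base64, hashlib, hmac, json, os

K1_PA = os.urandom(32)  # assumption: Point of Access secret standing in for K1_PA

def seal(fields):
    """Serialize the Hcook fields and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(fields).encode()).decode()
    return body + "." + hmac.new(K1_PA, body.encode(), hashlib.sha256).hexdigest()

def unseal(token):
    """Return the fields, or None if the tag does not verify."""
    body, _, tag = token.partition(".")
    good = hmac.new(K1_PA, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

class PointOfAccess:
    def __init__(self, ttl=300):
        self.ttl = ttl        # short expiration time, in seconds (assumed value)
        self.hcook_db = {}    # (user code, server) -> random block of the live Hcook

    def issue(self, user, server, path, now):
        rnd = os.urandom(16).hex()            # the slide's "Random Block"
        self.hcook_db[(user, server)] = rnd   # only the newest Hcook stays valid
        return seal({"user": user, "server": server, "path": path,
                     "exp": now + self.ttl, "rnd": rnd})

    def request(self, hcook, server, path, now):
        """Check one request; return (status, replacement Hcook or None)."""
        f = unseal(hcook)
        if f is None or f["server"] != server or not path.startswith(f["path"]):
            return "reject", None
        if now >= f["exp"]:
            return "expired", None
        key = (f["user"], server)
        if self.hcook_db.get(key) != f["rnd"]:
            # Authentic but superseded: a second browser holds a copy.
            self.hcook_db.pop(key, None)      # assumed policy: end the session
            return "collision", None
        return "ok", self.issue(f["user"], server, f["path"], now)

if __name__ == "__main__":
    poa = PointOfAccess()
    c1 = poa.issue("user-1", "s1.example", "/", now=1000)  # constructed values
    print(poa.request(c1, "s1.example", "/a.html", now=1010)[0])  # browser 1
    print(poa.request(c1, "s1.example", "/a.html", now=1020)[0])  # copied cookie
```

Because the tag only authenticates the fields, the user code is readable by the browser here; a deployment following the slides would encrypt the cookie as well.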
