Out-of-band federated authentication for Kerberos based on PANA

Authors: Alejandro Pérez-Méndez, Rafael Marin-Lopez, Gabriel Lopez-Millan, Fernando Pereniguez-Garcia
Year of publication: 2013
Subject:
Source: Computer Communications. 36:1527-1538
ISSN: 0140-3664
DOI: 10.1016/j.comcom.2013.07.004
Description: Nowadays, network operators and educational and research communities are extending the access to their Internet application services to external end users by deploying, with other domains, the so-called identity federations. In these federations, end users use the identity and authentication credentials registered in their home organizations for accessing resources managed by a remote service provider. However, current identity federation solutions focus mainly on assisting network access and web services, while a significant number of services are left aside (e.g., SSH, FTP, Jabber, etc.). Taking advantage of the widespread adoption of Kerberos by current application services, this paper presents a solution to provide federated access to any kind of application service by using existing Authentication, Authorization and Accounting (AAA) infrastructures. The solution bootstraps a security association in the service provider, which enables the acquisition of a Kerberos credential to access the service. To link the end user authentication with the AAA infrastructure and the bootstrapping of the security association, the solution uses the so-called Protocol for Carrying Authentication for Network Access (PANA).
Database: OpenAIRE