Web authentication
This presentation is the property of its rightful owner.
Sponsored Links
1 / 7

Web Authentication PowerPoint PPT Presentation


  • 44 Views
  • Uploaded on
  • Presentation posted in: General

Web Authentication. Need to authenticate to multiple web-based services Need to do this with both U-M and external web-based services Need to be able to use off the shelf browsers Want passwords to be more secure. Kerberos-X.509 Project. Start with, and enhance, MIT’s PKI-Kerberos work

Download Presentation

Web Authentication

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Web authentication

Web Authentication

  • Need to authenticate to multiple web-based services

  • Need to do this with both U-M and external web-based services

  • Need to be able to use off the shelf browsers

  • Want passwords to be more secure

CSG • Tucson • Feb 2000 • Slide 1


Kerberos x 509 project

Kerberos-X.509 Project

  • Start with, and enhance, MIT’sPKI-Kerberos work

    • which creates certificates basedon Kerberos authentication …

  • We build on existing U-M identity and authentication services

CSG • Tucson • Feb 2000 • Slide 2


Um enhancements

MIT design generated certificate with user interaction

MIT design required sending password to the certificate server once per session

MIT design worked only with Netscape Navigator

U-M obtains certificate without user action at Kerberos login

U-M generates certificate without sending password to certificate server

U-M works with Internet Explorer 5 (Win-32)

UM Enhancements

CSG • Tucson • Feb 2000 • Slide 3


Implementation steps

Implementation Steps

  • Make MIT certificate service codework in U-M environment

  • Make certificate generation automaticat Kerberos log in, and certificate installation invisible to the user

  • Make the capability cross-platform

CSG • Tucson • Feb 2000 • Slide 4


Description

Description

  • Use short-term certificates“Junk Keys”

  • Obtain certificates securely from CAKerberized CA server

  • For Authentication ONLY!not for encrypting; not for signing


Why junk keys

Why “Junk Keys”?

  • Revocation becomes a non-issue

  • Private Key storage is less problematic

  • Public Key sharing is not necessary


Status feb 00

Status • Feb/00

WORKING NOW:

  • Kerberos authentication to CA

  • No user interaction

  • IE 5 & Netscape Navigator on Win-32

    WORKING SOON:

  • Netscape Navigator on Macintosh

  • In-house pilot during March 2000

CSG • Tucson • Feb 2000 • Slide 7


  • Login