1 / 7

A-Select: Hitchhiking in authentication space

A-Select: Hitchhiking in authentication space. Internet2 Member Meeting, Los Angeles, 30 October 2002. Ton Verschuren Innovation Management – SURFnet – NL Ton.Verschuren@SURFnet.nl. Rationale for A-Select. A-Select is a weblogin system like pubcookie Separation between authN and authZ

roger
Télécharger la présentation

A-Select: Hitchhiking in authentication space

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A-Select: Hitchhiking in authentication space Internet2 Member Meeting, Los Angeles, 30 October 2002 Ton Verschuren Innovation Management – SURFnet – NL Ton.Verschuren@SURFnet.nl

  2. Rationale for A-Select • A-Select is a weblogin system like pubcookie • Separation between authN and authZ • Better security thru stronger (local) authN • New authN methods shouldn’t bother apps • We’re looking for authN means that users already have: hitchhiking! • Differentiate between various levels of assurance

  3. A-Select overview Application User Filter A-Select Agent Local A-Select Server Remote A-Select Server Local Authentication Service Providers Remote Authentication Service Providers UDB

  4. Supported AuthN Service Providers (ASPs) • V 1.1 (now): • IP address • U/p thru RADIUS • Internet banking (banking card) • SMS (mobile phone) • V 1.2 (Nov/Dec): • LDAP • V 2.0 (?): • PKI

  5. Implementation • A-Select server: Java • Apache + Tomcat • Crypto: Cryptix • SHA1 hashes + RSA signatures • Filters for Apache and IIS • Memory cookies: • Ticket granting ticket (for SSO) • Application ticket • Redirection to ASP • UDB: • JDBC • LDAP (v1.2) • SSL recommended but not required

  6. Applications Authorisation Systems Back Office ? Authentication Systems What’s next: standardising on APIs? webISO

  7. More info • Soon on www.a-select.org • Functional & technical design + API • And now…a demo!

More Related