Abstract

Nowadays, network operators and educational and research communities are extending the access to their Internet application services to external end users by deploying, with other domains, the so-called identity federations. In these federations, end users use the identity and authentication credentials registered in their home organizations for accessing resources managed by a remote service provider. However, current identity federation solutions focus mainly on assisting network access and web services, while a significant number of services are left aside (e.g., SSH, FTP, Jabber, etc.). Taking advantage of the widespread adoption of Kerberos by current application services, this paper presents a solution to provide federated access to any kind of application service by using existing Authentication, Authorization and Accounting (AAA) infrastructures. The solution bootstraps a security association, in the service provider which enables the acquisition of a Kerberos credential to access the service. To link the end user authentication with the AAA infrastructure and the bootstrapping of the security association the solution uses the so-called Protocol for Carrying Authentication for Network Access (PANA).

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.