Using SESAME to Secure Web Based Applications on an Intranet

Authors: Paul Ashley, Mark Vandenwauver, Joris Claessens

DOI: 10.1007/978-0-387-35568-9_21

Keywords: Web application security; Intranet; Web server; World Wide Web; Enterprise information security architecture; Computer science; Web development; Web modeling; Web application; Web service; Computer security

Abstract: The use of web technology within organisational Intranets is increasing. The combination of a standardised interface and the security features provided by TLS have made web technology very attractive. However, TLS has some limitations, especially in its lack of access control functionality. This paper focusses on alternatives to TLS to provide improved security services to web based applications. The SESAME architecture is shown to provide all of the security services of TLS, with the addition of other services such as an access control service. Also, because SESAME uses a connection based GSS-API, which is the same paradigm used by TLS, it is shown to be a suitable replacement. Unfortunately, web servers and browsers do not provide hooks for replacing the TLS technology, so SESAME cannot be easily used. Two alternatives are therefore considered that overcome this limitation: a new proposal before the IETF for extending TLS to carry attribute certificates, and a hybrid solution built by the authors.

References (15)
A. Schiffman, E. Rescorla, The Secure HyperText Transfer Protocol, RFC 2660, pp. 1-45 (1999)
C. Neuman, J. Kohl, The Kerberos Network Authentication Service (V5), RFC 1510, pp. 1-112 (1993)
T. Dierks, C. Allen, The TLS Protocol Version 1.0, IETF RFC 2246, pp. 1-80 (1999)
V. Samar, Single sign-on using cookies for Web applications, Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 158-163 (1999), 10.1109/ENABL.1999.805192
L. Montulli, D. Kristol, HTTP State Management Mechanism, RFC 2109, pp. 1-21 (1997)
S. Farrell, R. Housley, An Internet Attribute Certificate Profile for Authorization, RFC 3281, pp. 1-40 (2002)
Douglas E. Comer, Internetworking with TCP/IP (1988)