A cross-layer SSO solution for federating access to kerberized services in the eduroam/DAMe network
Eduroam has become one of the main examples of network federations around the world, where hundred of institutions allow roaming end users to access the local network if they belong to any other eduroam member institution. In this context, this paper proposes how, once the end user is authenticated...
Gespeichert in:
Veröffentlicht in: | International journal of information security 2012-11, Vol.11 (6), p.365-388 |
---|---|
Hauptverfasser: | , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | Eduroam has become one of the main examples of network federations around the world, where hundred of institutions allow roaming end users to access the local network if they belong to any other eduroam member institution. In this context, this paper proposes how, once the end user is authenticated by the network, she can access additional federated application services (beyond the web) by means of Kerberos, without deploying additional cross-realm infrastructures. With the support of existing eduroam architecture, this proposal prevents the end user from being fully authenticated by her home institution again to access the application services, which do not need to be modified. Finally, optional advanced authorization can be used to provide added value services to end users. |
---|---|
ISSN: | 1615-5262 1615-5270 |
DOI: | 10.1007/s10207-012-0174-5 |