A cross-layer SSO solution for federating access to kerberized services in the eduroam/DAMe network

Eduroam has become one of the main examples of network federations around the world, where hundred of institutions allow roaming end users to access the local network if they belong to any other eduroam member institution. In this context, this paper proposes how, once the end user is authenticated...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of information security 2012-11, Vol.11 (6), p.365-388
Hauptverfasser: Pérez-Méndez, Alejandro, Pereñíguez-García, Fernando, Marín-López, Rafael, López-Millán, Gabriel
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Eduroam has become one of the main examples of network federations around the world, where hundred of institutions allow roaming end users to access the local network if they belong to any other eduroam member institution. In this context, this paper proposes how, once the end user is authenticated by the network, she can access additional federated application services (beyond the web) by means of Kerberos, without deploying additional cross-realm infrastructures. With the support of existing eduroam architecture, this proposal prevents the end user from being fully authenticated by her home institution again to access the application services, which do not need to be modified. Finally, optional advanced authorization can be used to provide added value services to end users.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-012-0174-5