Slide 6 of 14
Slide Notes and Questions:
- Requires the Application’s KDC to have a trust relationship with the User Org’s KDC.
2. What set of information does the Application authenticate message (ID) contain?
3. What set of information does the User Org authorization message (AM) contain?
4. What exactly is implied by “secure channel”?
- Are there any security issues?
6. A secure channel is needed between the Application and the User Org authorization server because the AM message is not protected. The secure channel could be removed if AM is sent as a certificate signed with some shared secret between the Application and the User Org authorization server. Is the ID message safe if it is sent over a non-secure channel?
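The alternative in note 6, sketched as an added example that is not part of the original slides: the authorization server attaches an HMAC computed with the shared secret, and the Application verifies it before trusting AM. The AM field names, the demo secret and the clock-skew value are assumptions, since the slide does not define what AM contains.

```python
import hashlib
import hmac
import json

# Constructed demo secret (assumption); a real one is random and provisioned out of band.
SHARED_SECRET = b"constructed-demo-secret-not-for-real-use"
MAX_SKEW = 5  # seconds of clock skew tolerated (assumption)


def sign_am(secret, user, application, roles, ts, lifetime):
    """Authorization server side: serialize AM and append an HMAC-SHA256 tag."""
    body = json.dumps(
        {"user": user, "app": application, "roles": roles,
         "ts": ts, "lifetime": lifetime},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_am(secret, token, expected_app, now):
    """Application side: return the AM fields, or raise ValueError."""
    body, sep, tag = token.rpartition(b".")
    if not sep:
        raise ValueError("malformed AM")
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison; parse the body only after the MAC checks out.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad MAC")
    am = json.loads(body)
    if am["app"] != expected_app:
        raise ValueError("AM issued for a different application")
    if not (am["ts"] - MAX_SKEW <= now <= am["ts"] + am["lifetime"]):
        raise ValueError("AM outside validity window")
    return am


if __name__ == "__main__":
    token = sign_am(SHARED_SECRET, "alice", "payroll", ["reader"], 1000, 300)
    print(verify_am(SHARED_SECRET, token, "payroll", 1100))
    forged = token.replace(b'"reader"', b'"admin"')  # tampering in transit
    try:
        verify_am(SHARED_SECRET, forged, "payroll", 1100)
    except ValueError as err:
        print("rejected:", err)
```

The tag gives integrity and origin authentication only: AM is still readable on the wire, and a captured AM can be replayed until its lifetime ends.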
Tcs => Application, User, IP addr of User, ts, lifetime, Kcs
Ks => Application’s shared key with the KDC
Ac => name of User, IP addr of User, ts (New Ac must be generated per service request)
Kcs => Session key for User and Application