Slide 9 of 14
Slide Notes and Questions:
- Requires the Application to have a relationship with the KDC and User Org.
- What set of information does the User Org authorization certificate (CERT) contain? Is it signed with the Application’s public key or with a shared secret between the User Org AAA server and the Application?
3. Are there any security issues?
Tcs => Application, User, IP addr of User, ts, lifetime, Kcs
Ks => Application’s shared key with the KDC
Ac => name of User, IP addr of User, ts (New Ac must be generated per service request)
Kcs => Session key for User and Application

Tcs => User Org AAA server, User, IP addr of User, ts, lifetime, Kcs
Ks => User Org AAA server’s shared key with the KDC
Ac => name of User, IP addr of User, ts (New Ac must be generated per service request)
Kcs => Session key for User and User Org AAA server
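
The checks a receiving service can run on the Tcs and Ac fields listed above, including why a new Ac is needed per request, sketched as an added example (not part of the original slides). It assumes Tcs and Ac have already been decrypted with Ks and Kcs; the `Verifier` class, dict field names, `MAX_SKEW` value and sample data are all constructed for illustration.

```python
# Added example: validation of a decrypted ticket (Tcs) and authenticator (Ac).
# Decryption with Ks / Kcs is assumed to have happened already and is not modeled.
MAX_SKEW = 300  # assumed clock-skew window in seconds (not from the slides)

class Verifier:
    def __init__(self, service_name):
        self.service = service_name   # "Application" or "User Org AAA server"
        self.seen = set()             # replay cache of accepted (user, ts) pairs

    def verify(self, tcs, ac, peer_ip, now):
        """Return 'accept' or a 'reject: ...' reason for one service request."""
        if tcs["service"] != self.service:
            return "reject: ticket issued for another service"
        if not (tcs["ts"] - MAX_SKEW <= now <= tcs["ts"] + tcs["lifetime"]):
            return "reject: ticket outside lifetime"
        if ac["user"] != tcs["user"]:
            return "reject: user mismatch"
        if not (ac["ip"] == tcs["ip"] == peer_ip):
            return "reject: IP mismatch"
        if abs(now - ac["ts"]) > MAX_SKEW:
            return "reject: stale authenticator"
        key = (ac["user"], ac["ts"])
        if key in self.seen:
            # A captured Ac resent inside the skew window is caught only here,
            # which is why each request needs a freshly generated Ac.
            return "reject: replayed authenticator"
        self.seen.add(key)
        return "accept"

# Constructed sample data (documentation IP ranges, arbitrary timestamps).
TCS = {"service": "Application", "user": "alice", "ip": "192.0.2.10",
       "ts": 1000, "lifetime": 3600}
AC1 = {"user": "alice", "ip": "192.0.2.10", "ts": 1010}
AC2 = {"user": "alice", "ip": "192.0.2.10", "ts": 1020}

def demo():
    v = Verifier("Application")
    return [
        v.verify(TCS, AC1, "192.0.2.10", 1012),    # first use of AC1
        v.verify(TCS, AC1, "192.0.2.10", 1013),    # same AC1 replayed
        v.verify(TCS, AC2, "192.0.2.10", 1021),    # fresh Ac for next request
        v.verify(TCS, AC2, "198.51.100.7", 1022),  # request from another address
        v.verify(TCS, {"user": "alice", "ip": "192.0.2.10", "ts": 5000},
                 "192.0.2.10", 5000),              # ticket lifetime exceeded
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```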