Slide 10 of 14
Slide Notes and Questions:
1. What set of information does the User Org authorization message (AM) contain?
2. What set of information does the Broker authorization message (AM’) contain?
3. What exactly is implied by “secure channel”?
4. Are there any security issues?
5. What set of information does the User Org authorization certificate (CERT) contain? Is it signed with the Application’s public key or with a shared secret between the Broker and the Application?
6. The reason why a secure channel is needed between the User Org and the Broker is because the AM and AM’ messages are not protected. The secure channel could be removed if AM and AM’ are sent as certificates signed with some shared secret between the User Org and the Broker.
Tcs => User Org AAA server, User, IP addr of User, ts, lifetime, Kcs
Ks => User Org AAA server’s shared key with the KDC
Ac => name of User, IP addr of User, ts (New Ac must be generated per service request)
Kcs => Session key for User and User Org AAA server
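The four definitions above describe a Kerberos-style ticket (Tcs) and authenticator (Ac). The following is an added example, not part of the slide or its notes, showing how the User Org AAA server would check such a pair and why a fresh Ac is required per service request. Everything beyond the four field lists is an assumption: the ticket is protected under Ks and the authenticator under Kcs, protection is modelled as an HMAC tag over a JSON encoding (real Kerberos encrypts the ticket and authenticator; the HMAC keeps this example standard-library only), the 300 s clock skew and the replay cache are the author's choices, and all keys, names, addresses and times are constructed sample values.

```python
# Added example (not from the slide): validation of a Kerberos-style ticket
# Tcs and authenticator Ac by the User Org AAA server.
# Assumptions: Tcs is protected under Ks, Ac under Kcs; protection is modelled
# as an HMAC-SHA256 tag over a JSON body (real Kerberos encrypts instead).
import hmac
import hashlib
import json
from typing import Optional

KS = b"constructed-shared-key-AAA-KDC"   # Ks: AAA server's shared key with the KDC
KCS = b"constructed-session-key-Kcs"     # Kcs: session key for User and AAA server
MAX_SKEW = 300                           # assumed allowed clock skew for Ac.ts (seconds)
SERVER_NAME = "UserOrg-AAA"              # constructed name of the User Org AAA server


def seal(fields: dict, key: bytes) -> dict:
    """Protect a field set under `key` (stand-in for encryption under Ks / Kcs)."""
    body = json.dumps(fields, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def open_sealed(sealed: dict, key: bytes) -> Optional[dict]:
    """Return the fields if the tag verifies under `key`, else None."""
    body = sealed["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return None
    return json.loads(body)


def make_ticket(user: str, user_ip: str, ts: int, lifetime: int, kcs: bytes) -> dict:
    # Tcs => User Org AAA server, User, IP addr of User, ts, lifetime, Kcs (sealed under Ks)
    return seal({"server": SERVER_NAME, "user": user, "ip": user_ip,
                 "ts": ts, "lifetime": lifetime, "kcs": kcs.hex()}, KS)


def make_authenticator(user: str, user_ip: str, ts: int, kcs: bytes) -> dict:
    # Ac => name of User, IP addr of User, ts (sealed under Kcs; fresh per request)
    return seal({"user": user, "ip": user_ip, "ts": ts}, kcs)


class AAAServer:
    """User Org AAA server side of the check; `now` is injected for testability."""

    def __init__(self, now: int):
        self.now = now
        self.seen = set()  # replay cache of (user, ts) authenticators already accepted

    def validate(self, ticket: dict, auth: dict, src_ip: str) -> str:
        t = open_sealed(ticket, KS)               # only the KDC and this server hold Ks
        if t is None or t["server"] != SERVER_NAME:
            return "bad ticket"
        if not (t["ts"] <= self.now < t["ts"] + t["lifetime"]):
            return "ticket expired"
        kcs = bytes.fromhex(t["kcs"])             # Kcs is taken from the ticket, not the request
        a = open_sealed(auth, kcs)                # proves the sender knows Kcs
        if a is None:
            return "bad authenticator"
        if a["user"] != t["user"] or a["ip"] != t["ip"] or src_ip != t["ip"]:
            return "identity mismatch"
        if abs(a["ts"] - self.now) > MAX_SKEW:
            return "authenticator stale"
        key = (a["user"], a["ts"])
        if key in self.seen:                      # same Ac presented twice: replay
            return "replayed authenticator"
        self.seen.add(key)
        return "ok"


if __name__ == "__main__":
    NOW = 1_700_000_000                           # constructed clock value
    srv = AAAServer(NOW)
    tcs = make_ticket("alice", "10.0.0.5", NOW - 100, 3600, KCS)
    ac = make_authenticator("alice", "10.0.0.5", NOW, KCS)
    print(srv.validate(tcs, ac, "10.0.0.5"))      # ok
    print(srv.validate(tcs, ac, "10.0.0.5"))      # replayed authenticator
```

The replay cache is what gives the note "New Ac must be generated per service request" its teeth: a captured Tcs plus Ac is rejected on second use even though both still verify, and the per-request timestamp bounds how long the cache must remember entries.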