Upload File

web application authentication with pki & other functions bill weems & mark b. jones...

  • Home
  • Documents
  • Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston
9
Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Upload: matthew-matthews

Post on 24-Dec-2015

212 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Web Application Authenticationwith PKI & Other Functions

Bill Weems & Mark B. JonesAcademic Technology

University of Texas Health Science Center at Houston

Page 2: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Ideally,  individuals would each like a single digital credential that

can be securely used to authenticate his or her identity

anytime authentication of identity is required to secure any

transaction.

Page 3: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

• How do you prove you are who you say you are?

• How do you know that someone is legitimate in his or her dealings with you, and how do you get redress if things go wrong?

• If your identity is stolen and used fraudulently, or personal records are altered without your knowledge or permission, how do you prove that it was not you?

• It is difficult enough to verify someone's identity in the tangible world where forgery, impersonation and credit card fraud are everyday problems related to authentication.

• Such problems take on a new dimension with the movement from face-to-face interaction, to the faceless interaction of cyberspace.

Identity and Authentication by Simon Rogerson

Page 4: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

UTHSC-H Strategic Authentication Goals

• Two authentication mechanisms.– Single university ID (UID) and password– Public Key Digital ID on Token (two-factor authentication)

• Digital Signatures– Authenticates senders– Guarantees messages are unaltered, i.e. message integrity– Provides for non-repudiation– Legal signature

• Encryption of email and other documents• Highly Secure Access Control• Potential for inherent global trust

Page 5: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Plug n Play Authentication

• Programmatic Signed and Encrypted mail

• Plug n Play authentication with JSP

Page 6: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Mass Mailing of Signed & Encrypted E-mail

Automated Mailer

Mailing List

[email protected]@[email protected] [email protected]

&Encrypted

LDAP Directory

Service

Request Recipient's

Digital Cert.

User SpecificMessages [email protected]

[email protected]

Page 7: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Plug n Play Authentication

<% request.setAttribute("authenticationMethod","certificate"); %><% request.setAttribute(“authorizationGroup",“ADMIN_Staff"); %><%@ include file="/jsp/auth/AuthX.jsp" %>

• Application or Page level authX• Authentication Method (optional)

– Password (default)– Certificate

• Authorization Group (optional)– LDAP Group (with distributed group administration)

Page 8: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

Plug n Play Authentication

• Client requests a resource (URL)– Resource redirects to AuthX.jsp in cert. protected directory

• Web Server– requests client certificate– Validates client certificate– Parses email address from certificate and looks up the user in the directory– Compares the client certificate to the ‘userCertificate’ stored in the

directory based on the email address– Sets ‘Remote User’ to the ‘UID’ value from the directory– Allows client to access AuthX.jsp

• AuthX.jsp– Retrieves the ‘Remote User’ variable and assumes successful

authentication– Verifies that the user is in the authorization group if specified– Redirects back to the originally requested resource

Page 9: Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston

ClientBrowser

Web Server

CertificateProtecteddirectory

HTTP Request

Directory

Resource(UserAdmin.jsp)

RequestUser Certificate

AuthX.jsp

CertificateValidation

Plug n Play Authentication


Authentication and Authorization Infrastructures: Kerberos vs. PKI

Technical Interface Description - MDM Portal · 2019. 4. 16. · authentication via HTTPS [URL] [HTTPS]. For this client authentication, X.509-compliant certificates are used [PKI]

ePrescribing, Results and My Health Record for ... · Apply for a NASH PKI Certificate The National Authentication Service (NASH) Public Key Infrastructure (PKI) Certificate is used

CISC 322 - research.cs.queensu.ca€¦ · Internet application security (SSL,PKI) Authentication and Authorization in Java (JAAS) 14 . ICDE Security Requirements Authentication of

CA Auth ID PKI - CA Support Online Advanced Authentication 8 0-ENU... · Web and VPN authentication Web applications and Web-based VPN requiring authentication can use the ArcotID

Intel® Identity Protection Technology with PKI Secure · PDF fileIntel® Identity Protection Technology with PKI (Intel® IPT with PKI) Technology Overview ... 5.3 VPN Authentication

Julius & Shellie Weems

Unified PACS with PKI Authentication, to Assist US ... FICAM Platform.pdf · Unified PACS with PKI Authentication, to Assist US ... SAFEnet incorporates access control , alarm management,

CSI –CommonSecurityInfrastructure GTP … · • Single Sign-On -PKI • Mutual authentication • Access control • Delegation of credentials • Communications encryption •

AeroMACS PKI Certificate Policy WG-S 9/WP05.1... · Web viewPerforming Identification and Authentication Functions The application will be subject to identification and authentication

FIDO, PKI & beyond: Where Authentication Meets Identification

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005

Carrie mae weems

Authentication and Authorization Infrastructures: Kerberos vs. PKI · 2010. 8. 27. · (PKI and PKI-based AAIs 1/2)! 2000 eSECURITY Technologies Rolf Oppliger Slide 6!C. Adams and

1 Grid Security: PKI Based Authentication Infrastructure M.Effatparvar Fall 1391

KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -Tokyo Seminar -Kim

Kanerva vs. Weems

DFN-PKI Certificate Policy...CP of the DFN-PKI Page 7/29 V2.2 1.4 Certificate usage 1.4.1 Appropriate certificate usage Certificates issued as part of the DFN-PKI can be used for authentication,

Grid Security: PKI Based Authentication Infrastructure

eToken PKI Client - CPO · The eToken PKI Client enables the implementation of strong two-factor authentication using standard certificates as well as encryption and digital signing

IS404 Access Control, Authentication and Public …itt-tech.info/wp-content/uploads/2016/09/IS404_9...IS404 Access Control, Authentication and Public Key Infrastructure (PKI) [Onsite]

PKI for Electronic Commerce · Policy Security & Policy Web Content & Applications Web Content ... • Sign-on to Web servers via Basic Authentication, Digest Authentication, and

CSCE 790 Secure Computer Systems PKI and …zeng1/csce790-s20/slides/07-PKI...Previous class… CSCE 790 – Computer Systems Security 5 How to achieve authentication and data integrity

GlassFish OpenSSO CAC Authentication Deployment ... · GlassFish OpenSSO CAC Authentication Deployment Configuration Guide ... Load the OCSP Signing Certificate and DoD CA PKI Root

TrustedX Autenticación PKI - Whitepaperv1 · TrustedX PKI Authentication 15/07/2013 LABS.SAFELAYER.COM 7 Figura 1-2. Arquitectura del sistema. En cuanto a la integración con las

2960-datasheet-1 - DrayTek Vigor · LDAP/Active Directory NAT-Traversal (NAT-T) PKI Certificate IKE Authentication Authentication Encryption RADIUS Client DHCP over IPSec GRE over

PKI/e-Authentication Advancement: Evaluation Reportmddb.apec.org/.../TEL/TEL40-SPSG/09_tel40_spsg_003.pdf · 2009/TEL40/SPSG/003 Agenda Item: 3a PKI/e-Authentication Advancement:

Mann, Bey, Weems

PKI NBP – Certification Policy for “ESCB Authentication ...3.3 Identification and Authentication for Re-key Requests 7 3.3.1 Identification and authentication requirements for

Secure SDN Authentication - Internet Engineering … SDN Authentication| Hosnieh Rafiee | SDNRG 4 Only Operator admin need to control the PKI model 1- Each Tenant controls the informatio

Integrating PKI and Kerberos Authentication services Alberto Pace

Why PKI & the 4BF - ists.dartmouth.edu · ATM card + PIN (have + know) • 2 x Single Factor Authentication Two Factor Authentication ... authentication and authorization. • Users

1 Network Authentication with PKI EDUCAUSE/Dartmouth PKI Summit July 27, 2005 Jim Jokl University of Virginia

Intro to PKI and authentication

PKI: Glue of Middleware Michael R Gettes, Duke University CAMP Enterprise Authentication Michael R Gettes, Duke University CAMP Enterprise Authentication