CCOW Support for Kerberos - PowerPoint PPT Presentation

1 / 7
About This Presentation
Title:

CCOW Support for Kerberos

Description:

CCOW Support for Kerberos Problem Statement: Application is CCOW User Link-compliant and uses Kerberos to connect to back end services Application needs Kerberos ... – PowerPoint PPT presentation

Number of Views:38
Avg rating:3.0/5.0
Slides: 8
Provided by: RobertSe153
Learn more at: http://www.hl7.org
Category:
Tags: ccow | kerberos | support

less

Transcript and Presenter's Notes

Title: CCOW Support for Kerberos


1
CCOW Support for Kerberos
  • Problem Statement
  • Application is CCOW User Link-compliant and uses
    Kerberos to connect to back end services
  • Application needs Kerberos service ticket
  • CCOW user at workstation may be different than
    user logged on to workstation's operating system
  • Application needs to obtain ticket for CCOW user,
    as opposed operating system user

2
Simplified Kerberos Architecture
Kerberized Service
3. Use Application
Kerberized Application
5. Use Service Ticket to Access Service
4. Get Service Ticket
Kerberos Distribution Center (KDC)
Client Operating System
1. Authenticate
2. Get Ticket Granting Ticket (TGT)
3
Ticket Facts
  • Tickets are bound to a service
  • Forwadable tickets can be used to get to a nested
    service
  • Tickets expire or can be used once (I.e., fast
    expiration)
  • Tickets are doubly encrypted
  • first so only authenticating application can
    decrypt
  • second so only service can decrypt

4
CCOW Kerberos Architecture
5. Use Service Ticket to Access Service
Kerberized Service
3. Use Application
Kerberized Application
4. Get Service Ticket
Context Manager
Authenticating Application
2. Get Ticket Granting Ticket (TGT)
1. Authenticate
Kerberos Distribution Center (KDC)
Client Operating System
5
CCOW Kerberos Details
Define a Get Kerberos Service Ticket context
action Action agent would effectively be the CCOW
authenticating application Based
inputs/outputs/errors on GSS-API specification
(RFC 1964) Keep this action Kerberos-specific as
generalization yields complexity
6
Kerberos Action Specification
Input Name CCOW Data Type Description
Flags ? Ticket granting service flags
Realm ? The requested realm ???
ServiceName ST Name of target service
IPAddresses ST (repeating) Address(es) for target service
Expiration TS Ticket expiration time
Output Name CCOW Data Type Description
Ticket ST (character-encoded binary per CCOW Arch. Spec) The service ticket
Error ? Error, if any (RFC1510)
7
Discussion
  • Need real use-cases and Kerberos knowledgeable
    engineers willing to work on this.
  • Can the solution also work for other
    authentication methods (Certificates, Biometrics,
    etc).
  • SAML ?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CCOW Support for Kerberos" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!