Advertisement

Secure World Wide Web access to server groups

  • A. Hutchison
  • M. Kaiserswerth
  • P. Trommler
Chapter
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)

Abstract

Existing World Wide Web (WWW) security is organized around server specific realms. When several servers are interacted with in a secure manner, authentication information has to be provided for each server. Where separate servers co-operate to provide a set of distributed information as a server group, it is desirable to make authentication as transparent as possible. By extending the HyperText Transfer Protocol (HTTP) to include server group information it is possible for a user to only provide authentication information once for an entire group of servers. Although we have also implemented these extensions for the Basic and Digest Authentication schemes, we argue that Mediated Digest Authentication is most suitable for secure server group scalability.

Keywords

World Wide Web security authentication server group HTTP extension mediated digest authentication 

References

  1. Berners-Lee, T., Fielding, R., and Frystyk Nielsen, H., (1996) “Hypertext Transfer Proto-col - HTTP/1.0”, Internet Draft, Work in Progress,draft-ietf-http-v10-spec-05.txtGoogle Scholar
  2. Freier, A. O., Karlton, P., and Kocher, P. C.,“The SSL Protocol Version 3.0”, Internet Draft, Work in Progress,draft-freier-ssl-version3–01.txtGoogle Scholar
  3. Hostetler, J. L., Franks, J., Hallam-Baker, P., Luotonen, A., Sink, E. W., and Steward, L. C.,(1996)“A Proposed Extension to HTTP:Digest Access Authentication”, Internet Draft, Work in Progress,draft-ietf-http-digest-aa-03.txtGoogle Scholar
  4. Kristol, D. M., (1996)“Proposed HTTP State Management Mechanism”, Internet Draft, Work in Progress,draft-kristol-http-state-mgmt-00.txtGoogle Scholar
  5. Raggett, D.,(1995)“Meduared Dufesr Authentication”, Ubrerber Drafr,draft-ietf-http-mda-00.txt,Work in Progress,(expired)Google Scholar
  6. Rescorla, E., and Schiffman, A.,(1996)“The Secure HyperText Transfer Protocol”, Internet Draft, Work in Progress,draft-ietf-wts-shttp-01.txtGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • A. Hutchison
    • 1
  • M. Kaiserswerth
    • 1
  • P. Trommler
    • 1
  1. 1.IBM Research DivisionZurich Research LaboratoryRüschlikonSwitzerland

Personalised recommendations