Abstract
The goal of this paper is to identify and describe the services necessary to build a secure corporate intranet and to show how prototypical implementations of these components can be realized to evaluate different approaches and configurations. The paper presents an architectural framework, which identifies the core services necessary for a secure Internet-based communication and information infrastructure. We focus on the authentication service, which is responsible for authenticating users and services. We then show how security infrastructures can be developed and tested using the rapid prototyping environment Wafe and the extensible Web browser Cineast. We explain how basic operations such as secure transfer and certificate acquisition can be realized and demonstrate the implementation of different certificate validation strategies.
Copyright information
© 1997 IFIP
About this chapter
Cite this chapter
Neumann, G., Nusser, S. (1997). A Framework and Prototyping Environment for a W3 Security Architecture. In: Katsikas, S. (eds) Communications and Multimedia Security. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35256-5_4
DOI: https://doi.org/10.1007/978-0-387-35256-5_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2918-3
Online ISBN: 978-0-387-35256-5
eBook Packages: Springer Book Archive