Flexible and Scalable Credential Structures: NetBill Implementation and Experience

In electronic commerce, consumers often need to present attributes such as membership in order to benefit from specific pricing or access. A scalable, efficient mechanism for conveying attributes independently of authentication is required. In this paper we describe a system based on a combination of Public Key Kerberos for Distributed Authentication (PKDA) and attribute credentials as a means of meeting these requirements. This system is compared to other proposals for distributed authentication and authorization, and is shown to be superior in several respects. The system has been implemented as part of the NetBill micropayment system and has been demonstrated to work well in meeting the stated requirements.
