Distributed Authentication Through Kerberos Tickets: Problem statement and Requirements

This document presents the problem of authentication and authorization in distributed environments constituted by several users communicating with application servers and communicating with each others. Each user in this environment can also play the role of an application provider. Imagine a large music event where the provided network infrastructure is enhanced with network storage equipment to allow visitors to access content relating to the bands playing at the events, such as recorded video of previous performances, supplementary audio and video material relevant to the bands playing, etc. Certain content is, however, not necessarily available to everyone under the same conditions. Instead access control is applied before the full range of audio, and video material can be accessed. Other content, such as previews, might be offered for free. How can such authentication, and authorization infrastructure be made available with minimal configuration complexity for a temporary event like a music festival? This document describes a problem statement based on the attempt to use Kerberos and lists a couple of requirements for potentially needed Kerberos extensions.