A Framework and Prototyping Environment for a W3 Security Architecture

The goal of this paper is to identify and describe the services necessary to build a secure corporate intranet and to show how prototypical implementations of these components can be realized to evaluate different approaches and configurations. The paper presents an architectural framework, which identifies the core services necessary for a secure Internet-based communication and information infrastructure. We focus on the authentication service, which is responsible for authenticating users and services. We then show how security infrastructures can be developed and tested using the rapid prototyping environment Wafe and the extensible Web browser Cineast. We explain how basic operations such as secure transfer and certificate acquisition can be realized and demonstrate the implementation of different certificate validation strategies.
