Re: single-signon with X.509 certificates

From: Thomas Vincent (thomasv_at_mac.com)
Date: 03/12/04

  • Next message: Frank Cusack: "Re: kerberos and web-single signon, a good solution??"
    Date: 11 Mar 2004 20:25:28 -0800
    
    

    PKI is generally used for authentication and verifying the integrity
    of the data. The authorization is stored in the directory (LDAP)
    and/or the application. It is hard to give you a complete answer when
    we don't know what operating systems you're using. The fact that
    the digital certificate is on a USB token is irrelevant. The computer
    will simply look at that as just another device, aka a hard drive.

    PKI is a messy business right now, with a bunch of vendors (ENTRUST)
    trying to create stovepipe solutions, basically because they know that
    PKI is largely becoming a commodity, not something unique.

    A quick search of Google turns up a ton of information on the subject.

    "Edward A. Feustel" <edward.feustel@dartmouth.edu> wrote in message news:<c1kobi$72n$1@merrimack.Dartmouth.EDU>...
    > "Michel Oosterhof" <m.no-spam.oosterhof@xs4all.nl> wrote in message
    > news:403d2a0e$0$566$e4fe514c@news.xs4all.nl...
    > > bisibis@pt.lu (paul b) writes:
    > >
    > > >Hello,
    > > >I need some help for a single signon system that I have to develop for
    > > >a society during the next few months.
    > > >The system has to work in the following way:
    > > >The users have to do a single authentication against the system using
    > > >an X.509 certificate stored on a USB token. Once this authentication
    > > >is correct, they will get access to some proprietary applications. All
    > > >the security has to lie thus on the certificates.

