TY - GEN
T1 - CredEx
T2 - 2005 IEEE International Conference on Web Services, ICWS 2005
AU - Del Vecchio, David
AU - Humphrey, Marty
AU - Basney, Jim
AU - Nagaratnam, Nataraj
PY - 2005/12/1
Y1 - 2005/12/1
N2 - User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web Service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.
UR - http://www.scopus.com/inward/record.url?scp=33749053153&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749053153&partnerID=8YFLogxK
U2 - 10.1109/ICWS.2005.43
DO - 10.1109/ICWS.2005.43
M3 - Conference contribution
AN - SCOPUS:33749053153
SN - 0769524095
SN - 9780769524092
T3 - Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005
SP - 149
EP - 158
BT - Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005
Y2 - 11 July 2005 through 15 July 2005
ER -