CredEx: User-centric credential management for grid and Web services

David Del Vecchio; Marty Humphrey; Jim Basney; Nataraj Nagaratnam

doi:10.1109/ICWS.2005.43

CredEx: User-centric credential management for grid and Web services

David Del Vecchio, Marty Humphrey, Jim Basney, Nataraj Nagaratnam

National Center for Supercomputing Applications (NCSA)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web Service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.

Original language	English (US)
Title of host publication	Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005
Pages	149-158
Number of pages	10
DOIs	https://doi.org/10.1109/ICWS.2005.43
State	Published - Dec 1 2005
Event	2005 IEEE International Conference on Web Services, ICWS 2005 - Orlando, FL, United States Duration: Jul 11 2005 → Jul 15 2005

Publication series

Name	Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005
Volume	2005

Other

Other	2005 IEEE International Conference on Web Services, ICWS 2005
Country	United States
City	Orlando, FL
Period	7/11/05 → 7/15/05

ASJC Scopus subject areas

Engineering(all)

Access to Document

10.1109/ICWS.2005.43

Fingerprint Dive into the research topics of 'CredEx: User-centric credential management for grid and Web services'. Together they form a unique fingerprint.

Cite this

CredEx : User-centric credential management for grid and Web services. / Del Vecchio, David; Humphrey, Marty; Basney, Jim; Nagaratnam, Nataraj.

Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005. 2005. p. 149-158 1530793 (Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Del Vecchio, D, Humphrey, M, Basney, J & Nagaratnam, N 2005, CredEx: User-centric credential management for grid and Web services. in Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005., 1530793, Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005, vol. 2005, pp. 149-158, 2005 IEEE International Conference on Web Services, ICWS 2005, Orlando, FL, United States, 7/11/05. https://doi.org/10.1109/ICWS.2005.43

@inproceedings{e7e15e14fd9446f4a17ce98790f3c05a,

title = "CredEx: User-centric credential management for grid and Web services",

abstract = "User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web Service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.",

author = "{Del Vecchio}, David and Marty Humphrey and Jim Basney and Nataraj Nagaratnam",

year = "2005",

month = dec,

day = "1",

doi = "10.1109/ICWS.2005.43",

language = "English (US)",

isbn = "0769524095",

series = "Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005",

pages = "149--158",

booktitle = "Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005",

note = "2005 IEEE International Conference on Web Services, ICWS 2005 ; Conference date: 11-07-2005 Through 15-07-2005",

}

TY - GEN

T1 - CredEx

T2 - 2005 IEEE International Conference on Web Services, ICWS 2005

AU - Del Vecchio, David

AU - Humphrey, Marty

AU - Basney, Jim

AU - Nagaratnam, Nataraj

PY - 2005/12/1

Y1 - 2005/12/1

N2 - User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web Service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.

AB - User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and Grid Services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web Service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web Services and PKI-based Grid Services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.

UR - http://www.scopus.com/inward/record.url?scp=33749053153&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749053153&partnerID=8YFLogxK

U2 - 10.1109/ICWS.2005.43

DO - 10.1109/ICWS.2005.43

M3 - Conference contribution

AN - SCOPUS:33749053153

SN - 0769524095

SN - 9780769524092

T3 - Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005

SP - 149

EP - 158

BT - Proceedings - 2005 IEEE International Conference on Web Services, ICWS 2005

Y2 - 11 July 2005 through 15 July 2005

ER -