This is much more efficient than
maintaining a huge list of users and resources in a central location
and having to go through it every time an access is made.
All of this happens under the constant protection of cryptography,
applied consistently at every step. In the section
"Kerberos," we discuss how a technology based on that model
works.
Those are great advantages. Unfortunately, they improve a
scenario, the intranet, that was already in pretty good shape.
In fact, we just explicitly explained what happens when somebody
uses a local network after he has successfully logged in: the
access method, the way in which the user logs on, is not really
changed by the fact that the network software is token-based.
Understanding the mechanism behind token usage is, however,
of paramount importance because it is the first evolutionary step
toward cross-entity authentication. Without tokens, our identity
would be doomed to never leave the boundary of the network it
has been created for. As you will see in the next two sections
and in Chapter 2, tokens are the way of breaking free of the
hostage identity problem. We first examine Kerberos, a protocol
that uses tokens mainly in the context of a local network; then
we take a quick look at the Liberty protocol, which builds on
the idea of tokens for extending the reach of user identities beyond
the boundaries of their home network.