RFC 1507 (rfc1507) - Page 3 of 119


DASS - Distributed Authentication Security Service


RFC 1507                          DASS                    September 1993


   of their identities.  But whichever party speaks first reveals
   information which can be used by the second (unauthenticated) party
   to impersonate it.  Longer sequences (often seen in spy movies)
   cannot solve the problem in general.  Further, anyone who can
   eavesdrop on the conversation can impersonate either party in a
   subsequent conversation (unless passwords are only good once).
   Cryptography provides a means whereby one can prove knowledge of a
   secret without revealing it.  People cannot execute cryptographic
   algorithms in their heads, and thus cannot strongly authenticate to
   computers directly.  DASS lays the groundwork for "smart cards":
   microcomputers sealed in credit cards which when activated by a PIN
   will strongly authenticate to a computer.  Until smart cards are
   available, the first link from a user to a DASS node remains
   vulnerable to eavesdropping.  DASS mechanisms are constructed so that
   after the initial authentication, smart card or password based
   authentication looks the same.
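   The paragraph above contrasts password exchange, where whichever party
   speaks first hands the other something reusable and an eavesdropper can
   replay the whole conversation, with a cryptographic proof of knowledge that
   reveals nothing reusable.  The following added example illustrates that
   contrast with a generic shared-secret challenge-response (HMAC-SHA256 over
   a fresh nonce).  It is not DASS's own protocol, which is built on
   public-key certificates, and the secret value and role labels in it are
   constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Added illustration, not the DASS protocol: a generic shared-secret
# challenge-response in which each side proves knowledge of the secret
# without sending it, and a recorded conversation gives an eavesdropper
# nothing that a later, fresh conversation will accept.


def prove(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    """Proof that the prover holds `secret`, bound to a fresh `challenge`.
    The `role` label keeps one side's proof from being reflected back
    as if it were the other side's."""
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()


def verify(secret: bytes, role: bytes, challenge: bytes, proof: bytes) -> bool:
    """Recompute the expected proof and compare in constant time."""
    return hmac.compare_digest(prove(secret, role, challenge), proof)


def mutual_auth(secret_a: bytes, secret_b: bytes):
    """Run one mutual authentication between A (holding secret_a) and B
    (holding secret_b).  Returns (a_accepts_b, b_accepts_a, transcript);
    transcript is exactly what an eavesdropper on the wire would see."""
    transcript = []
    n_a = secrets.token_bytes(16)            # A's fresh challenge to B
    transcript.append(("A->B", n_a))
    # B "speaks first" in proving itself, but its answer is bound to n_a,
    # so it cannot be reused by A or by anyone listening.
    n_b = secrets.token_bytes(16)            # B's fresh challenge to A
    proof_b = prove(secret_b, b"B", n_a)
    transcript.append(("B->A", proof_b + n_b))
    a_accepts_b = verify(secret_a, b"B", n_a, proof_b)
    proof_a = prove(secret_a, b"A", n_b)
    transcript.append(("A->B", proof_a))
    b_accepts_a = verify(secret_b, b"A", n_b, proof_a)
    return a_accepts_b, b_accepts_a, transcript


def secret_leaked(secret: bytes, transcript) -> bool:
    """Does the secret itself appear anywhere on the wire?  With a plain
    password exchange this would be True; here it is False."""
    return any(secret in msg for _, msg in transcript)


def replayed_proof_accepted(secret_b: bytes, transcript) -> bool:
    """Model B verifying a *fresh* session in which a party that merely
    recorded the earlier transcript re-sends A's old proof.  Returns True
    only if B would wrongly accept it, i.e. if the scheme were replayable."""
    old_proof_a = transcript[2][1]
    fresh_n_b = secrets.token_bytes(16)      # B always issues a new challenge
    return verify(secret_b, b"A", fresh_n_b, old_proof_a)


if __name__ == "__main__":
    shared = b"constructed-shared-secret"    # constructed sample value
    ok_a, ok_b, wire = mutual_auth(shared, shared)
    print("A accepts B:", ok_a, "| B accepts A:", ok_b)
    print("secret visible on the wire:", secret_leaked(shared, wire))
    print("old proof accepted in a new session:",
          replayed_proof_accepted(shared, wire))
```

   The two checks at the end are the point: the secret never crosses the
   wire, and because every verifier picks a new challenge, a captured proof
   is worthless later.  This is exactly the property a password exchange
   lacks, and the reason the text describes the first, password-based hop
   from user to login node as the remaining weak link until smart cards can
   run the cryptography on the user's side.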

   Today, systems are constructed to think of user identities in terms
   of accounts on individual computers.  If I have accounts on ten
   machines, there is no way a priori to see that those ten accounts all
   belong to the same individual.  If I want to be able to access a
   resource through any of the ten machines, I must tell the resource
   about all ten accounts.  I must also tell the resource when I get an
   eleventh account.

   DASS supports the concept of global identity and network login.  A
   user is assigned a name from a global namespace and that name will be
   recognized by any node in the network.  (In some cases, a resource
   may be configured as accessible only by a particular user acting
   through a particular node.  That is an access control decision, and
   it is supported by DASS, but the user is still known by his global
   identity).  From a practical point of view, this means that a user
   can have a single password (or smart card) which can be used on all
   systems which allow him access and access control mechanisms can
   conveniently give access to a user through any computer the user
   happens to be logged into.  Because a single user secret is good on
   all systems, it should never be necessary for a user to enter a
   password other than at initial login.  Because cryptographic
   mechanisms are used, the password should never appear on the network
   beyond the initial login node.

   DASS was designed as a component of the Distributed System Security
   Architecture (DSSA) (see "The Digital Distributed System Security
   Architecture" by M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson,
   1989 National Computer Security Conference).  It is a goal of DSSA
   that access control on all systems be based on users' global names
   and the concept of "accounts" on computers eventually be replaced
   with unnamed rights to execute processes on those computers.  Until



Kaufman