Practical authentication for distributed computing

Abstract

Issues related to authentication in a distributed computing environment are discussed. Authentication approaches used in Digital Equipment Corporation's Distributed System Security Architecture (DSSA) are described. Node, user, and process granularity authentication concerns are considered. Authentication is based on a global hierarchic naming structure and public-key cryptography. Directory-resident certificates associating entities with long-term keys are used in conjunction with dynamically signed certificates which represent transient bindings between entities. Distributed system elements can be mutually suspicious. At the node level, special topics considered include the relationship between authentication and secure loading and the relationship between authentication and rule-based policy support. At the user level, architecture requirements are identified and authentication protocol options based on smart cards and on user-entered passwords are described.