Kerberos-based AAIs 2/3

• SESAME is based on

  • a Kerberos V5 authentication service
  • an ECMA-based authorization and access control service

• In short, SESAME uses privilege attribute certificates (PACs) to grant privileges to entities

• A PAC

  • is a digitally signed statement about the privileges of an entity
  • is issued by a privilege attribute server (PAS)
  • is conceptually similar to an attribute certificate (as discussed later)

• The Open Groupës DCE and Microsoftës Windows 2000 use similar concepts

Previous slide

Next slide

Back to first slide

View graphic version