In addition to the Kerstein report mentioned in my previous message there
are two other papers which may be of interest:

Implementation of JANET authentication and encryption services
Andrew Young, I.T. Institute, University of Salford
<URL:http://www.niss.ac.uk/education/jisc/acn/authent/young.html>

Web Security
Andrew Cormack, University of Wales, Cardiff
<URL:http://www.niss.ac.uk/education/jisc/acn/authent/cormack.html>

Table of contents for Young report:
Introduction
Information Management
The authentication server
The certification authority
Information stored on the authentication server
The personal security environment
Other authentication infrastructures
Electronic mail
The PGP proxy
Example
Future developments
JISC services
Authentication using simple passwords
Hardware one-time passwords (challenge-response cards)
Software one-time passwords (S/Key)
Strong authentication
Confidentiality
Telnet and FTP
Other considerations
Resilience
Conclusions
Pointers
PGP pointers
Telnet/FTP pointers
Security pointers

Table of contents for Cormack report:
1. Introduction
2. Security
2.1 Authentication
2.2 Authorisation
2.3 Privacy
3. World Wide Web Security
3.1 Authentication and the Web
3.2 Authentication Servers
3.3 Security Requirements
3.4 The Web Transaction Security Proposal and SHTTP
3.5 Netscape's Secure Socket Layer (SSL)
3.6 Summary
3.6.1 Requirements
3.6.2 Implementation
4. Other Internet Services
5. Pretty Good Privacy (PGP)
6. Charging for Services
7. Conclusions
8. References
8.1 Cryptography
8.2 IETF Documents
8.3 Implementations
------------------------------------------------------
Brian Kelly, UK Web Focus
UKOLN, University of Bath, BATH, England, BA2 7AY
URL: http://www.ukoln.ac.uk/
Phone: 01225 323943 FAX: 01225 826838