An authentication service supporting domain-based access control policies

This paper describes the basic architecture of an authentication service for distributed systems in which domains are used to group objects in order to specify policy. This is necessary for very large scale systems where it is impractical to specify policies for individual objects. The enforcement of a policy that is specified in terms of domains requires authentication of object membership of domains. As the use of asymmetric cryptography would result in unacceptable performance, the proposed system is based on the use of symmetric cryptography for intra-realm authentication of identities or domain membership, while asymmetric cryptography can still be used for interrealm authentication. It utilises replicated trusted authentication servers with minimal state in order to avoid problems in terms of the security and state consistency of the replicas. This is achieved by using private-key certificates which provide a similar functionality to the public key certificates in asymmetric cryptosystems, but have better performance. Authentication servers are also used as translators, i.e. they translate messages that were encrypted with the secret key of the sender by re-encrypting them with the secret key of the receiver. The paper also describes the establishment of secure channels between remote objects as well as the authentication of object membership of domains.