internetwide.org
Identity 5: Integrating Kerberos and SAML // InternetWide.org // Rewriting the fragile future of the internet.
http://internetwide.org/blog/2015/04/25/id-5-ksaml.html
Sat 25 April 2015. Identity 5: Integrating Kerberos and SAML. The ideal identity system integrates well with the web, and with non-web applications. The systems that are most seriously used in these realms are SAML and Kerberos, respectively. But until now, they didn't mix. As explained in lessons learnt. Bring your own identity. And even tricks with identities. We have a clear notion of how to conceptually deal with identity. Their coupling needs to be defined and preferably standardised. Is needed....
internetwide.org
...a project to benefit everyone // InternetWide.org // Rewriting the fragile future of the internet.
http://www.internetwide.org/audience
Rewriting the fragile future of the internet. A project to benefit everyone. We have something to offer. Something to ask, regardless of how you relate with the internet: InternetWide.org – about.
internetwide.org
Identity 4: Tips and Tricks // InternetWide.org // Rewriting the fragile future of the internet.
http://internetwide.org/blog/2015/04/24/id-4-tricks.html
Fri 24 April 2015. Identity 4: Tips and Tricks. The various forms of identity offered under the InternetWide Architecture can sometimes be used in clever ways, for example to construct identities with limited access or temporary validity. A number of possible tricks follow. Earlier parts of this series covered lessons learnt. To this series and presented various forms of identity. Usable under our bring your own identity. And define roles such as. As totally independent of. Is a group that contains.
realm-xover.arpa2.net
Moonshot
http://realm-xover.arpa2.net/moonshot.html
Funded by InternetWide.org. This site reflects work in progress. Moonshot is a new mechanism that is specifically aimed at cross-realm authentication; its main focus is not to serve connectivity across the Internet as a whole, but rather within predetermined federations, so predetermined sets of co-operating institutional networks. Not for the Internet as a whole. What Moonshot uses is EAP over GSS-API; EAP being the Extensible Authentication Protocol. A common roll-out of Moonshot will interface to ...
reservoir.arpa2.net
Exchange of Calendar, ToDo, Journal items
http://reservoir.arpa2.net/icalendar.html
Funded by InternetWide.org. Exchange of Calendar, ToDo, Journal items. One of the most mundane unfulfilled promises of the Internet is perhaps scheduling, through personal Calendars, ToDo lists and Journal entries; all these could in theory be distributed and shared, under proper access control, but none of this has been realised in practice. The intention of ARPA2 is to bring these rudimentary principles to everyone's fingertips. Interestingly,. Have been defined, but the current set of. A dentist, a si...
steamworks.arpa2.net
SteamWorks' Shaft
http://steamworks.arpa2.net/shaft.html
Funded by InternetWide.org. This site reflects work in progress. In a factory driven by a steam engine, the Shaft carries rotary motion from the steam engine's Crank wheel to the Pulleys that drive machinery. Likewise, the Shaft program is "just" a transporter of configuration data and changes. Vital about this facility is that it crosses site boundaries and helps to do this without sacrificing stability or security. Read the specification for this tool. Written in preparation of coding). By localising ...
tls-kdh.arpa2.net
Work Related to TLS-KDH
http://tls-kdh.arpa2.net/related.html
Funded by InternetWide.org. Work Related to TLS-KDH. This site reflects work in progress. While opening the discussion on TLS-KDH, several people have suggested related work and, perhaps, alternatives. This is the approach initially proposed on this site. It wants to use Kerberos Diffie-Hellman as two angles on the cryptographic wish to provide encryption and authentication aspects that enhance each other. As suggested by Janet. Application framework implements the work from the IETF workgroup ABFAB.
snitch.arpa2.net
SNItch architecture
http://snitch.arpa2.net/architecture.html
Funded by InternetWide.org. What SNItch does is very simple, and it will stay simple: it switches connections based on. In the onset of TLS. Because they are better done at endpoints include: Implementations of TLS mechanisms. Selection of TLS/SSL versions. Things that SNItch can do with relative ease include: Handle wildcards to cover subordinate DNS names. Accept TLS in a variety of wrapping forms. Dramatic sizability by using a local Oracle/BerkeleyDB for the names. Supported TLS Carrier Protocols.
realm-xover.arpa2.net
Realm Crossover
http://realm-xover.arpa2.net/index.html
Funded by InternetWide.org. This site reflects work in progress. What is this site about? A realm is a network environment with a shared security context. Usually, a realm is matched with one or more domain names and perhaps physical LANs, and it groups Users and Machines in such a way that they can work together. Why is realm crossover useful? Generally, it is desirable to control your own identity provider. How can realm crossover be realised? A local security realm authenticates the user. The user app...
donai.arpa2.net
DoNAI-based Access Control
http://donai.arpa2.net/acl.html
Funded by InternetWide.org. Based on DoNAIs and DoNAI selectors, a general form of access control can be defined. Any protocol that uses a DoNAI to identify local and remote peers can be made to enforce these, irrespective of whether they represent users, hosts, roles or groups. Many Forms of Identity. A DoNAI is a general syntax for identities. This form may represent many different things, and for a remote peer we do not even know which. A few possible uses of the syntax are: Represent an aspect of a ...