Key Distribution Center (KDC) concept

A trusted third party (TTP) is responsible for bridging the gap between peers.

  • A and B don’t have any shared information.

  • A and B have shared information with TTP.

Why KDC?

Because a TTP can distribute a session key to A and B, which they use to prove their identities to each other.

  • Session key $K_{AB}$

    • It is temporary (only for one session).

  • A uses $K_{AB}$ to prove its identity to B.

  • B uses $K_{AB}$ to prove its identity to A.

The proofs by A and B can be made in different ways.

  • Only at the beginning of a session.

  • On each interaction in a session.
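
The following Python sketch is an added example, not part of the original notes: a TTP issues a fresh $K_{AB}$ wrapped under each peer's long-term key, and A then proves its identity to B by MACing a challenge from B. The HMAC-based key wrap is a stand-in for a real authenticated cipher, and all function names and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key, nonce):
    # One 32-byte pad from HMAC-SHA256; assumption: stand-in for a real AEAD cipher.
    return hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()

def wrap(long_term_key, session_key, peer):
    """TTP side: seal (session key, peer name) under the key shared with one principal."""
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ y for x, y in zip(session_key, keystream(long_term_key, nonce)))
    tag = hmac.new(long_term_key, b"mac" + nonce + ct + peer, hashlib.sha256).digest()
    return nonce, ct, tag, peer

def unwrap(long_term_key, ticket):
    """Principal side: check the tag first, then recover the session key."""
    nonce, ct, tag, peer = ticket
    expected = hmac.new(long_term_key, b"mac" + nonce + ct + peer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket was not issued under this key")
    return bytes(x ^ y for x, y in zip(ct, keystream(long_term_key, nonce)))

def kdc_issue(keys, a, b):
    """TTP generates a fresh K_AB and wraps one copy for each peer."""
    k_ab = secrets.token_bytes(32)
    return wrap(keys[a], k_ab, b), wrap(keys[b], k_ab, a)

def prove(k_ab, prover, challenge):
    """Proof of identity: MAC over the verifier's fresh challenge and the prover's name."""
    return hmac.new(k_ab, challenge + prover, hashlib.sha256).digest()

def verify(k_ab, prover, challenge, proof):
    return hmac.compare_digest(prove(k_ab, prover, challenge), proof)

def demo():
    # Constructed long-term keys: each peer shares one with the TTP, none with each other.
    keys = {b"A": secrets.token_bytes(32), b"B": secrets.token_bytes(32)}
    for_a, for_b = kdc_issue(keys, b"A", b"B")
    k_a, k_b = unwrap(keys[b"A"], for_a), unwrap(keys[b"B"], for_b)
    challenge = secrets.token_bytes(16)  # B challenges A at the start of the session
    ok = verify(k_b, b"A", challenge, prove(k_a, b"A", challenge))
    # A party without K_AB cannot produce a proof that B accepts.
    forged = verify(k_b, b"A", challenge, prove(secrets.token_bytes(32), b"A", challenge))
    return k_a == k_b, ok, forged

if __name__ == "__main__":
    print(demo())
```

Proving identity on each interaction rather than only at the beginning amounts to calling `prove` with a fresh challenge (or a message counter) for every message in the session.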

Session key distribution

Example

SAML Web Browser SSO Profile
