Difference between revisions of "Projects/Geolocation Policy"
From K5Wiki
(Initial purpose statement) |
(Added Design section) |
||
Line 3: | Line 3: | ||
== Use Case == |
== Use Case == |
||
− | # Person travels abroad. When authenticating to his corporate Kerberos-enabled system, he uses some location-related measurement Device together with other authentication means. The |
+ | # Person travels abroad. When authenticating to his corporate Kerberos-enabled system, he uses some location-related measurement Device together with the other authentication means. The geolocation claim is passed to the KDC with the initial request. There it is evaluated by a designated service and, based on the result of the evaluation and local policies, KDC proceeds with issuing, or not, the ticket. |
− | # |
+ | # The client's geolocation maybe used for Audit purposes. |
== Purpose == |
== Purpose == |
||
Define a new Geolocation policy and create an infrastructure to allow KDC to deal with the geolocation information. |
Define a new Geolocation policy and create an infrastructure to allow KDC to deal with the geolocation information. |
||
+ | |||
+ | == Design == |
||
+ | |||
+ | Client contacts Location Information Service (LIS) with the geolocation claim. LIS evaluates the claim (geographical and network attachment) and issues certificate confirming correctness of the claim. Client sends this certificate to KDC. KDC uses its PKINIT facilities to process the certificate. |
||
+ | |||
==Related references== |
==Related references== |
||
− | # [http:// |
+ | # [http://datatracker.ietf.org/doc/draft-ietf-geopriv-held-measurements/ draft-ietf-geopriv-held-measurements] |
+ | # [http://datatracker.ietf.org/wg/geopriv/ IETF geopriv charter] |
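Review bot: the added Design paragraph ends at "KDC uses its PKINIT facilities to process the certificate" without saying what makes the KDC accept that certificate. It does not state which issuer the KDC trusts for LIS certificates, or how the certificate is tied to the requesting client and to the time of the request. Suggest adding a sentence on the LIS trust anchor and one on binding and freshness of the claim, since the Use Case text lets the evaluation result decide whether the ticket is issued. Separately, in the added second Use Case item, "maybe used" should read "may be used".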
Revision as of 12:52, 1 August 2013
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
Use Case
- A person travels abroad. When authenticating to his corporate Kerberos-enabled system, he uses a location-related measurement device together with his other means of authentication. The geolocation claim is passed to the KDC with the initial request. There it is evaluated by a designated service and, based on the result of the evaluation and on local policies, the KDC either issues the ticket or does not.
- The client's geolocation may be used for audit purposes.
Purpose
Define a new Geolocation policy and create an infrastructure to allow KDC to deal with the geolocation information.
Design
The client contacts a Location Information Service (LIS) with the geolocation claim. The LIS evaluates the claim (geographical and network attachment) and issues a certificate confirming the correctness of the claim. The client sends this certificate to the KDC. The KDC uses its PKINIT facilities to process the certificate.