Generic Bootstrapping Architecture: Difference between revisions

m Undid good faith revision 925056182 by 195.53.238.82 (talk) - the "u" in "user" is pronounced as the consonant /j/, and so takes "a" not "an.
Rescuing 2 sources and tagging 0 as dead.) #IABot (v2.0.9.5
 
(2 intermediate revisions by the same user not shown)
Line 14:
- There is no need for user enrollment phase nor secure deployment of keys, making this solution a very low cost one when compared to [[Public key infrastructure|PKI]].
 
- Another advantage is the ease with which the authentication method may be integrated into terminals and service providers, as it is based on [[HTTP]]'s well known "[[Digest access authentication]]". Every Web server already implement HTTP [[digest authentication]] and the effort to implement GBA on top of digest authentication is minimal. For example, it could be implemented on SimpleSAMLPhP http://rnd.feide.no/simplesamlphp {{Webarchive|url=https://web.archive.org/web/20081219004332/http://rnd.feide.no/simplesamlphp |date=2008-12-19 }} with 500 PHP lines of code and only a few tens of lines of code are Service Provider specific making it really easy to port it to another Web site.
 
- On device side is needed:
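Review bot: In the paragraph on integrating GBA with HTTP digest authentication, the SimpleSAMLPhP link is still a bare URL with a {{Webarchive}} template appended directly after it, so the sentence is interrupted mid-prose by a raw address and an archive banner. Suggest moving the link into a <ref> that uses {{Cite web}} with url, archive-url and archive-date, placed after "SimpleSAMLPhP". The same paragraph states that every Web server implements digest authentication and that the implementation takes 500 lines of PHP, with no source other than that link; if the archived page does not support those figures, they need a citation of their own.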
Line 21:
 
== Technical overview ==
Actually, contents in this section are from external literature.<ref>[{{Cite web |url=http://www.tml.tkk.fi/Publications/C/22/papers/Olkkonen_final.pdf |title=Generic Authentication Architecture by Timo Olkkonen, Helsinki University of Technology] |access-date=2010-07-05 |archive-date=2016-07-05 |archive-url=https://web.archive.org/web/20160705130421/http://www.tml.tkk.fi/Publications/C/22/papers/Olkkonen_final.pdf |url-status=dead }}</ref>
 
There are two ways to use GAA (Generic Authentication Architecture).
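Review bot: In the reference under "Technical overview", the {{Cite web}} template is still wrapped in the old external-link brackets: a stray "[" precedes the template and the title parameter ends with "Helsinki University of Technology]", so the rendered title will carry a trailing bracket. Suggest removing both brackets and splitting the title so that it reads |title=Generic Authentication Architecture, with |author=Timo Olkkonen and |publisher=Helsinki University of Technology as separate parameters.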
Line 41:
 
== Uses ==
* The SPICE project developed an extended Use Case named "split terminal" where a user on a PC can authenticate with their mobile phone: http://www.ist-spice.org/demos/demo3.htm {{Webarchive|url=https://web.archive.org/web/20090324084359/http://www.ist-spice.org/demos/demo3.htm |date=2009-03-24 }}. The NAF was developed on SimpleSAMLPhP and a Firefox extension was developed to process the GBA digest authencation request from the BSF. Bluetooth SIM Access Profile was used between the Firefox browser and the mobile phone. Later a partner developed a "zero installation" concept.
* The research institute [[Fraunhofer Institute for Open Communication Systems|Fraunhofer FOKUS]] developed an OpenID extension for Firefox which uses GBA authentication.[https://web.archive.org/web/20150217142539/http://www.icin.biz/files/2008papers/Session5A-2.pdf Presentation at ICIN 2008 by Peter Weik]
* The Open Mobile Terminal Platform http://www.omtp.org references GBA in its Advanced Trusted Environment: OMTP TR1<ref>[{{Cite web |url=http://www.omtp.org/Publications/Display.aspx?Id=24ad518b-6dba-4155-ad51-3143bd43a234 |title=OMTP Advanced Trusted Environment: OMTP TR1] |access-date=2009-01-04 |archive-url=https://web.archive.org/web/20081021071602/http://www.omtp.org/Publications/Display.aspx?Id=24ad518b-6dba-4155-ad51-3143bd43a234 |archive-date=2008-10-21 |url-status=dead }}</ref> recommendation, first released in May 2008.
 
Sadly, despite many advantages and potential uses of GBA, its implementation in handsets has been limited since GBA standardization in 2006. Most notably, GBA was implemented in Symbian-based handsets.
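Review bot: In the OMTP item of the "Uses" list, the reference has leftover external-link brackets around the template ("[{{Cite web" at the start and "|title=OMTP Advanced Trusted Environment: OMTP TR1]" at the end), which will show up in the rendered title; both brackets should be removed. In the same list, the SPICE item keeps a bare URL followed by {{Webarchive}} in running text, and the Fraunhofer FOKUS item attaches a bracketed archive link directly after the full stop instead of using a <ref>; both would read better as {{Cite web}} references. "authencation" in the SPICE item should read "authentication".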