SESAME IN A NUTSHELL


WHAT IS SESAME?

SESAME (a Secure European System for Applications in a Multi-vendor Environment) is a European research and development project, part funded by the European Commission under its RACE programme. It is also the name of the technology that came out of that project.

The SESAME technology offers sophisticated single sign-on with added distributed access control features and cryptographic protection of interchanged data.

SESAME is a construction kit. It is a set of security infrastructure components for product developers. It provides the underlying bedrock upon which full managed single sign-on products can be built.

Examples of such products are ICL's Access Manager and Bull SA's Integrated System Management AccessMaster (ISM AccessMaster). Siemens (Software & Systems Engineering Ltd) is also using SESAME technology to improve its secure X.400 mail product set.


HOW DOES SESAME WORK?

This is what happens:

To access the distributed system, a user first authenticates to an Authentication Server to get a cryptographically protected token used to prove his or her identity. The user then presents the token to a Privilege Attribute Server to obtain a guaranteed set of access rights contained in a Privilege Attribute Certificate (or PAC). The PAC is a specific form of Access Control Certificate that conforms to ECMA and ISO/ITU-T standards.

The promulgation, protection and use of PACs are central features of the SESAME design.

The PAC is presented by the user to a target application whenever access to a protected resource is needed. The target application makes an access control decision according to the user's security attributes from the PAC, and other access control information (for example an Access Control List) attached to the controlled resource.

A PAC can be used more than once at more than one target application. It is digitally signed so that any tampering with it can be detected.

In some circumstances a user might want an application to act on his or her behalf. The user might want to delegate access rights to that application. SESAME supports delegation, allowing this to be controlled by the user, who can dictate which applications are permitted to act as delegates, and which other applications they can access on the user's behalf.

The PAC is cryptographically protected from the point it leaves the Privilege Attribute Server all the way to the final target application to prevent anybody but its genuine owner or an authorised delegate making use of it.

To provide this protection SESAME needs to establish temporary secret cryptographic keys shared pairwise between the participants. Kerberos key distribution protocols can be used for this, but they can also be either supplemented, or where appropriate completely replaced, by public key technology. SESAME also supports Certification Authorities and X.509 Directory user certificates, following ISO/ITU-T standards.

User data passed in a dialogue between a client and a server can optionally be either integrity protected or confidentiality protected or both, using specially created Dialogue Keys.

Dialogue Keys also ensure that the actions that are authorised really have come from the user whose PAC is providing the basis for that authorisation.
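The PAC flow described above, as an added illustrative model that is not SESAME's own code: a Privilege Attribute Server issues a PAC carrying the user's security attributes and a lifetime, and a target application verifies it before combining its attributes with the resource's Access Control List. The PAC format, the HMAC in place of a real digital signature, the user and the ACL are all constructed for this example.

```python
import hmac, hashlib, json, time

# Constructed signing key held by the Privilege Attribute Server (PAS).
# A real SESAME PAC is an ASN.1 structure carrying a digital signature; an
# HMAC over a canonical JSON encoding stands in for it so this runs stdlib-only.
PAS_KEY = b"constructed-pas-signing-key"

def issue_pac(user, attributes, lifetime=3600, now=None):
    """PAS: build a PAC and attach a signature over its canonical encoding."""
    now = time.time() if now is None else now
    body = {"user": user, "attributes": attributes,
            "issued": now, "expires": now + lifetime}
    encoded = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PAS_KEY, encoded, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def verify_pac(pac, now=None):
    """Target: reject a PAC whose signature is wrong or whose lifetime has ended."""
    now = time.time() if now is None else now
    encoded = json.dumps(pac["body"], sort_keys=True).encode()
    expected = hmac.new(PAS_KEY, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pac["sig"]):
        return False, "bad signature"
    if now >= pac["body"]["expires"]:
        return False, "expired"
    return True, "ok"

# Constructed ACL: for each resource, the attribute values that grant access.
ACL = {"payroll.db": {"role": {"hr", "finance"}},
       "wiki": {"group": {"staff"}}}

def access_decision(pac, resource, now=None):
    """Target application: combine the PAC's attributes with the resource ACL."""
    ok, reason = verify_pac(pac, now)
    if not ok:
        return False, reason
    attrs = pac["body"]["attributes"]
    for attr_name, allowed in ACL.get(resource, {}).items():
        if set(attrs.get(attr_name, [])) & allowed:
            return True, f"granted via {attr_name}"
    return False, "no matching attribute"

if __name__ == "__main__":
    pac = issue_pac("alice", {"role": ["finance"], "group": ["staff"]}, now=1000)
    print(access_decision(pac, "payroll.db", now=1500))  # (True, 'granted via role')
    # Editing the attributes without the PAS key invalidates the signature.
    forged = {"body": dict(pac["body"], attributes={"role": ["hr"]}), "sig": pac["sig"]}
    print(access_decision(forged, "payroll.db", now=1500))  # (False, 'bad signature')
```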


HOW DOES SESAME RELATE TO KERBEROS?

Similar work, aimed specifically at UNIX systems, has been done by the Massachusetts Institute of Technology, which has developed a basic distributed single sign-on technology called Kerberos. Kerberos has been proposed as an Internet standard (RFC 1510).

In the light of this work, the SESAME project decided that in its early implementation some of the SESAME components would be accessible through the Kerberos V5 protocol (as specified in RFC 1510), and would use Kerberos data structures as well as new SESAME ones. This has shown unequivocally that a product quality approach reusing selected parts of the Kerberos specification is workable and that a world standard incorporating features of both technologies is possible. SESAME adds to Kerberos: heterogeneity, sophisticated access control features, the scalability of public key systems, better manageability, audit and delegation.


WHAT ABOUT THE GSS-API?

Another important development in the field of open distributed system security has been the Generic Security Services Application Program Interface (GSS-API). This interface hides from its callers the details of the specific underlying security mechanism, leading to better application portability and moving generally in the direction of better interworking capability.

The GSS-API also completely separates the choice of security mechanism from the choice of communications protocol. A GSS-API implementation is viable across virtually any communications method. GSS-API is an Internet and X/Open standard.

SESAME is accessed through the GSS-API, extended to support features needed to provide distributed Access Control.