SESAME IN A NUTSHELL
- SESAME supports single sign-on to the network.
- SESAME provides role based distributed access control using digitally
signed Privilege Attribute Certificates, with optional
delegation of access rights.
- SESAME supports full cryptographic protection of exchanges between users
and remote applications.
- SESAME supports multiple domain operation with different
- SESAME can be scaled to operate over very large networks through its use of
public key technology.
- SESAME builds on work done in international standards - it is an Open
- SESAME uses the widely accepted Generic Security Service API (GSS-API).
The SESAME user gets mechanism transparency.
WHAT IS SESAME?
SESAME (a Secure European System for Applications in a Multi-vendor
Environment) is a European research and development project, part funded
by the European Commission under its RACE
programme. It is also the name of the technology that came out of
The SESAME technology offers sophisticated single sign-on with
added distributed access control features and cryptographic
protection of interchanged data.
SESAME is a construction kit. It is a set of security
infrastructure components for product developers. It provides the
underlying bedrock upon which full managed single sign-on products
can be built.
Examples of such products are ICL's
and Bull SA's
Integrated System Management AccessMaster
& Systems Engineering Ltd) is also using SESAME technology to
improve its secure X.400 mail product set.
HOW DOES SESAME WORK?
This is what happens:
To access the distributed system, a user first authenticates to an
Authentication Server to get a cryptographically protected token
used to prove his or her identity. The user then presents the
token to a Privilege Attribute Server to obtain a guaranteed set
of access rights contained in a Privilege Attribute Certificate
(or PAC). The PAC is a specific form of Access Control
Certificate that conforms to ECMA and ISO/ITU-T standards.
The promulgation, protection and use of PACs are central features
of the SESAME design.
The PAC is presented by the user to a target application whenever
access to a protected resource is needed. The target application
makes an access control decision according to the user's security
attributes from the PAC, and other access control information (for
example an Access Control List) attached to the controlled
A PAC can be used more than once at more than one target
application. It is digitally signed to prevent it being
undetectably tampered with.
In some circumstances a user might want an application to act on
his or her behalf. The user might want to delegate access rights
to that application. SESAME supports delegation, allowing this to
be controlled by the user, who can dictate which applications are
permitted to act as delegates, and which other applications they
can access on the user's behalf.
The PAC is cryptographically protected from the point it leaves
the Privilege Attribute Server all the way to the final target
application to prevent anybody but its genuine owner or an
authorised delegate making use of it.
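The PAC flow described above (Privilege Attribute Server issues a signed PAC; target application checks it and combines the user's attributes with its own ACL; only the owner or a named delegate may use it), as an added Python example that is not part of the SESAME project or this text. The signature is modelled with a shared-key HMAC so the example runs offline, whereas real SESAME PACs carry a public-key digital signature verified with the PAS's certificate; the key, users, roles and ACL are constructed sample values.

```python
import hmac, hashlib, json

# Constructed: the PAS signing key. Stands in for the PAS's private key;
# a real target would verify with the PAS public key instead.
PAS_KEY = b"constructed-pas-signing-key"

def issue_pac(user, roles, delegates):
    """PAS step: bind the user's security attributes into a signed PAC."""
    body = {"user": user, "roles": sorted(roles), "delegates": sorted(delegates)}
    encoded = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PAS_KEY, encoded, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def verify_pac(pac):
    """Target step: reject any PAC whose body no longer matches its signature."""
    encoded = json.dumps(pac["body"], sort_keys=True).encode()
    expected = hmac.new(PAS_KEY, encoded, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pac["sig"])

# Constructed ACL attached to a controlled resource: operation -> roles allowed.
ACL = {"payroll-db": {"read": {"hr", "finance"}, "write": {"finance"}}}

def access_decision(pac, presenter, resource, operation):
    """Target application's decision: PAC attributes combined with the ACL.
    The presenter must be the PAC owner or a delegate named in the PAC
    (in SESAME this binding is enforced cryptographically via dialogue keys;
    here it is a plain name check for illustration)."""
    if not verify_pac(pac):
        return "deny: PAC signature invalid"
    body = pac["body"]
    if presenter != body["user"] and presenter not in body["delegates"]:
        return "deny: presenter is neither owner nor authorised delegate"
    allowed_roles = ACL.get(resource, {}).get(operation, set())
    if allowed_roles & set(body["roles"]):
        return "permit"
    return "deny: no role in PAC grants this operation"

if __name__ == "__main__":
    pac = issue_pac("alice", ["hr"], ["print-service"])
    print(access_decision(pac, "alice", "payroll-db", "read"))          # permit
    print(access_decision(pac, "print-service", "payroll-db", "read"))  # permit (delegate)
    # Tampering with the roles inside the PAC invalidates the signature.
    tampered = {"body": dict(pac["body"], roles=["finance"]), "sig": pac["sig"]}
    print(access_decision(tampered, "alice", "payroll-db", "write"))    # deny
```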
To provide this protection SESAME needs to establish temporary
secret cryptographic keys shared pairwise between the
participants. Kerberos key distribution protocols can be used
for this, but they can also be either supplemented, or where
appropriate completely replaced by public key technology. SESAME
also supports Certification Authorities and X.509 Directory user
certificates, following ISO/ITU-T standards.
User data passed in a dialogue between a client and a server can
optionally be either integrity protected or confidentiality
protected or both, using specially created Dialogue Keys.
Dialogue Keys also ensure that the actions that are authorised
really have come from the user whose PAC is providing the basis
for that authorisation.
HOW DOES SESAME RELATE TO KERBEROS?
Similar work, aimed specifically at UNIX systems, has been done by
the Massachusetts Institute of Technology which has developed a
basic distributed single sign-on technology called
Kerberos has been proposed as an Internet standard (RFC1510).
In the light of this work, the SESAME project decided that in its
early implementation some of the SESAME components would be
accessible through the Kerberos V5 protocol (as specified in
RFC1510), and would use Kerberos data structures, as well as new
SESAME ones. This has shown unequivocally that a product quality
approach reusing selected parts of the Kerberos specification is
workable and that a world standard is possible incorporating
features of both technologies.
SESAME adds to Kerberos: heterogeneity, sophisticated access
control features, the scalability of public key systems, better manageability,
audit and delegation.
WHAT ABOUT THE GSS-API?
Another important development in the field of Open distributed
system security has been the Generic Security Services Application
Program Interface (GSS-API). This interface hides from its
callers the details of the specific underlying security mechanism,
leading to better application portability, and moving generally in
the direction of a better interworking capability.
The GSS-API also completely separates the choice of security
mechanism from choice of communications protocol. A GSS-API
implementation is viable across virtually any communications
method. GSS-API is an Internet and X/Open standard.
SESAME is accessed through the GSS-API, extended to support
features needed to provide distributed Access Control.