SecurSight: An Architecture for Secure Information Access
This paper describes SecurSight, an architecture that combines authentication, authorization, and secure communications. The primary goal of this architecture is to secure access to network resources, while providing a smooth migration path from legacy authentication and authorization methods to a public-key infrastructure. Authentication may utilize either shared secrets or public/private key pairs. Authorization is public-key based and provides both direct support for PKI-aware applications and indirect support for legacy applications. Authorization credentials are portable, and may be used in location-independent fashion, without the need for cumbersome export and import procedures.