On Inter-Realm Authentication in Large Distributed Systems

We define and rationalize a policy for propagation of authentication trust across realm boundaries. This policy helps limit global security exposures that ensue whenever an authentication service is compromised. It is based on a hierarchical model of inter-realm authentication, and can be supported by both public-key and secret-key systems. As an example, we present a simple protocol which selects inter-realm authentication paths that satisfy the policy. The protocol is part of a design that provides application transparency for authentication-path selection and acceptance as the default mode of operation. The design can be integrated with the security services of existing systems; e.g., of the Open Software Foundation's Distributed Computing Environment (DCE). DCE implementation issues are also discussed.