Authentication Binding between SSL/TLS and HTTP
Abstract
While the Secure Socket Layer or Transport Layer Security (SSL/TLS) is assumed to provide secure communications over the Internet, many web applications utilize basic or digest authentication of Hyper Text Transport Protocol (HTTP) over SSL/TLS. Namely, in the scheme, there are two different authentication schemes in a session. Since they are separated by a layer, these are not convenient for a web application. Moreover, the scheme may also cause problems in establishing secure communication. Then we provide a scheme of authentication binding between SSL/TLS and HTTP without modifying SSL/TLS protocols and its implementation, and we show the effectiveness of our proposed scheme.
- Publication:
-
IEICE Transactions on Information and Systems
- Pub Date:
- 2012
- DOI:
- 10.1587/transinf.E95.D.797
- Bibcode:
- 2012IEITI..95..797S
- Keywords:
-
- web information systems;
- web services;
- security protocol;
- authentication protocol;
- SSL/TLS