Details on SESAME I
SESAME uses the widely accepted Generic Security Service API (GSS-API), which gives the user mechanism transparency.
To access the distributed system, a user first authenticates to an Authentication Server to get a cryptographically protected token used to prove his or her identity.
The user then presents the token to a Privilege Attribute Server to obtain a guaranteed set of access rights contained in a Privilege Attribute Certificate (or PAC). The PAC is a specific form of Access Control Certificate that conforms to ECMA and ISO/ITU-T standards.