The present invention relates to a Web service provider and an authentication service provider.
Kerberos is an authentication system for open networks (see Non-patent Reference 1).
Below, the concept of authentication by a third party organization in Kerberos is explained with reference to FIG. 1.
Referring to FIG. 1, the fundamental framework of "authentication by a reliable third party organization" adopted by Kerberos includes the steps of: submitting a request to a KDC (Key Distribution Center), when a client wishes to use a service, for a ticket that permits the use of the service (step (1) of FIG. 1); getting the ticket (step (2) of FIG. 1); and getting the service by submitting the ticket received from the KDC for the service to the server (step (3) of FIG. 1).
However, such a model requires caching of the secret key on the client side, which raises a security problem in that the secret key may leak.
To address this problem, the concept of the TGT (Ticket Granting Ticket) has been proposed.
Hereinafter, the fundamental concept of safe authentication by a third party organization is explained with reference to FIG. 2.
Referring to FIG. 2, the client requests a TGT from an authentication server (AS) (step (1) of FIG. 2), and acquires the TGT from the authentication server (step (2) of FIG. 2). Next, the client submits the TGT to a TGS (Ticket Granting Server) (step (3) of FIG. 2), and acquires a ticket (server use permission ticket) permitting the use of a desired service (step (4) of FIG. 2). Finally, the client submits this ticket (server use permission ticket) to the intended service. Thereby, the use of the service becomes possible.
In this Kerberos system, the KDC plays the roles of both the AS and the TGS.
By adopting the method of authentication of FIG. 2, the Kerberos system can solve the aforementioned problems and can provide more secure authentication.
Non-patent Reference 1: Gijutsu Hyoronsha, Editorial Section II, "Firewall & Network security, Practical Technique-all PCs, The strongest security guide for UNIX users and site managers", "Software Design Security Issue", Gijutsu Hyoron Publishing, 3.7 Kerberos, An Authentication System for Open Network, November 2000.
However, in the above conventional authentication method, when it is desired to add a new Web service that requires a use permission, information related to that Web service (such as proof information) has to be set up in the KDC that provides the authentication service.
Therefore, when plural Web services are provided, the need for this additional setup causes the problem of poor efficiency.
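The FIG. 2 exchange and the KDC setup requirement described above, as an added example that is not part of the original text: a simplified Python model in which a toy SHA-256 keystream with HMAC stands in for Kerberos encryption. The names `KDC`, `seal`, `unseal`, `run_flow`, `alice` and `print-service` are hypothetical, and the authenticator timestamps and per-service session key of real Kerberos are omitted.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream; stands in for Kerberos encryption (assumption).
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed with this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    """Plays both the AS and the TGS role, as in the description above."""
    def __init__(self):
        self.tgs_key, self.keys = os.urandom(32), {}   # keys: users AND services

    def register(self, principal):
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]

    def as_exchange(self, user):                       # FIG. 2 steps (1)-(2)
        sk = os.urandom(32).hex()                      # short-lived session key
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": time.time() + 600})
        return seal(self.keys[user], {"sk": sk}), tgt  # reply sealed with user's key

    def tgs_exchange(self, tgt, authenticator, service):   # FIG. 2 steps (3)-(4)
        t = unseal(self.tgs_key, tgt)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)  # proves holder knows sk
        if t["exp"] < time.time() or a["user"] != t["user"]:
            raise ValueError("TGT rejected")
        # Raises KeyError unless the service's key was set up in the KDC beforehand.
        return seal(self.keys[service], {"user": t["user"], "svc": service})

def run_flow(registered=("alice", "print-service"), target="print-service"):
    kdc = KDC()
    keys = {p: kdc.register(p) for p in registered}
    reply, tgt = kdc.as_exchange("alice")
    sk = bytes.fromhex(unseal(keys["alice"], reply)["sk"])  # long-term key used once
    ticket = kdc.tgs_exchange(tgt, seal(sk, {"user": "alice"}), target)
    return unseal(keys[target], ticket)["user"]        # final step: service opens ticket
```

`run_flow(target="new-web-service")` raises `KeyError`, because the TGS cannot seal a ticket for a service whose key was never set up in the KDC; this is the per-service setup burden described above.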