
Copyright © 2009 Open Geospatial Consortium, Inc.

10.5.3 Kerberos (see [16])

Kerberos is a computer network authentication protocol, developed at the Massachusetts Institute of Technology (MIT), that allows communication partners to prove their identities to each other over a non-secure network. Kerberos therefore provides mutual authentication: the user and the server can each verify the other's identity. The protocol protects against eavesdropping (wiretapping) and replay attacks. Today, Kerberos is mainly used for authentication in Microsoft Windows systems.

Technically, authentication is based on so-called Kerberos tickets. After a successful login at the Authentication Server (AS) using a long-term shared secret, such as a username and password, the client receives a ticket from the AS. This AS ticket can then be used to obtain shorter-lived tickets for use with other servers.

10.5.4 LDAP (see [17])

The Lightweight Directory Access Protocol (LDAP) is a protocol for querying and modifying entries of a Directory Service (DS). A DS is a computer program that stores information, typically structured according to X.500, about users and computers in a network. Each entry has a unique identifier, called the distinguished name (dn). Each entry can have additional attributes, each with a name and a value, that as a whole define the characteristics of the entry. Administrators use the stored information to assign roles or access permissions to resources. In an Attribute Based Access Control (ABAC) system, the attributes and their values can be used to derive the authorization decision. In such systems, it is vital to keep the X.500 structure backward compatible. LDAP can be used by other authentication protocols to query or exchange identity information.
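The ticket flow of 10.5.3 (login at the AS with a long-term secret, an AS ticket, then shorter-lived tickets for other servers, with replay protection) as a runnable toy model. This is an added example written for this page; it is not OGC code and not a Kerberos implementation. The "encryption" is a constructed HMAC-keystream-plus-tag scheme standing in for the real Kerberos encryption types, the principal names, lifetimes, salt and service name are constructed, and pre-authentication is not modelled.

```python
"""Toy model of the Kerberos ticket flow from 10.5.3 (added example, not OGC code)."""
import hashlib, hmac, json, os, time

TGT_LIFETIME = 8 * 3600     # lifetime of the AS ticket (constructed value)
SVC_LIFETIME = 10 * 60      # shorter lifetime of a service ticket (constructed value)
SKEW = 300                  # tolerated clock skew on authenticators, in seconds

def derive_key(password, salt=b"EXAMPLE.ORG"):
    """Long-term key from the user's password; the password itself is never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:n]

def seal(key, payload):
    """Toy authenticated encryption (HMAC keystream + HMAC tag), constructed for this
    example; it stands in for the real Kerberos encryption types and is NOT a cipher to reuse."""
    data = json.dumps(payload).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    """Inverse of seal; raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def make_authenticator(session_key, principal):
    """Fresh proof that the caller holds the session key; the timestamp bounds replay."""
    return seal(session_key, {"cname": principal, "ts": time.time()})

def _check_authenticator(session_key_hex, authenticator, principal):
    auth = unseal(bytes.fromhex(session_key_hex), authenticator)
    if auth["cname"] != principal or abs(auth["ts"] - time.time()) > SKEW:
        raise ValueError("authenticator rejected")

class KDC:
    """Authentication Server (AS) plus the ticket-granting function, one process here."""
    def __init__(self, users, services):
        self.users = {u: derive_key(pw) for u, pw in users.items()}  # long-term shared secrets
        self.services = services        # service principal -> key shared with that server
        self.tgs_key = os.urandom(32)   # known only to the KDC

    def as_exchange(self, principal):
        """AS reply: session key + AS ticket (TGT). Sealed with the user's long-term key, so
        only a client that knows the password can read it, and only the real AS could
        have produced it (the mutual part). No pre-authentication is modelled."""
        session = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"cname": principal, "key": session,
                                  "exp": time.time() + TGT_LIFETIME})
        return seal(self.users[principal], {"key": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex, authenticator, service):
        """Trade a valid TGT + authenticator for a shorter-lived ticket for `service`."""
        tgt = unseal(self.tgs_key, bytes.fromhex(tgt_hex))
        if tgt["exp"] < time.time():
            raise ValueError("TGT expired")
        _check_authenticator(tgt["key"], authenticator, tgt["cname"])
        svc_session = os.urandom(32).hex()
        ticket = seal(self.services[service], {"cname": tgt["cname"], "key": svc_session,
                                               "exp": time.time() + SVC_LIFETIME})
        return seal(bytes.fromhex(tgt["key"]), {"key": svc_session, "ticket": ticket.hex()})

class AppServer:
    """A server that trusts the KDC: it shares `key` with it and never sees a password."""
    def __init__(self, key):
        self.key = key
        self.seen = set()   # replay cache of authenticators already accepted

    def accept(self, ticket_hex, authenticator):
        ticket = unseal(self.key, bytes.fromhex(ticket_hex))
        if ticket["exp"] < time.time():
            raise ValueError("service ticket expired")
        _check_authenticator(ticket["key"], authenticator, ticket["cname"])
        if authenticator in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add(authenticator)
        return ticket["cname"]

def client_obtain_ticket(kdc, principal, password, service):
    """Client side: login at the AS, then use the TGT to get a service ticket.
    Returns (ticket_hex, service_session_key)."""
    long_term = derive_key(password)
    as_rep = unseal(long_term, kdc.as_exchange(principal))   # wrong password -> ValueError
    session = bytes.fromhex(as_rep["key"])
    tgs_rep = unseal(session, kdc.tgs_exchange(
        as_rep["tgt"], make_authenticator(session, principal), service))
    return tgs_rep["ticket"], bytes.fromhex(tgs_rep["key"])

if __name__ == "__main__":
    svc_key = os.urandom(32)
    kdc = KDC({"alice": "correct horse"}, {"wfs/geo.example.org": svc_key})
    server = AppServer(svc_key)
    ticket, skey = client_obtain_ticket(kdc, "alice", "correct horse", "wfs/geo.example.org")
    print(server.accept(ticket, make_authenticator(skey, "alice")))
```

The points the section makes are visible in the code paths: the password never leaves the client (only a key derived from it is used to unseal the AS reply), the application server validates a ticket without contacting the AS or knowing the password, tickets carry their own expiry, and the replay cache plus timestamp check is what turns a captured authenticator into a rejected one.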
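The LDAP concepts of 10.5.4 (entries named by a distinguished name, attributes as name/value pairs, and an ABAC decision derived from those attributes) as an in-memory model. This is an added example written for this page, not OGC code and not an LDAP client: the directory entries, the `clearance` and `memberOf` attributes, the group and the policy are all constructed, and the search supports only a single equality filter. It also shows the check a practitioner would want when a caller-supplied value is placed into a filter, escaping per RFC 4515, so that the value is matched as data rather than parsed as filter syntax.

```python
"""In-memory model of dn, attributes and an ABAC decision (added example, not OGC code)."""
import re

# Constructed directory: dn -> {attribute: [values]}; attribute names are lower-cased.
DIRECTORY = {
    "cn=Jane Doe,ou=GIS,dc=example,dc=org": {
        "objectclass": ["inetOrgPerson"], "uid": ["jdoe"], "ou": ["GIS"],
        "clearance": ["confidential"],
        "memberof": ["cn=editors,ou=Groups,dc=example,dc=org"]},
    "cn=Smith\\, Bob,ou=Sales,dc=example,dc=org": {
        "objectclass": ["inetOrgPerson"], "uid": ["bsmith"], "ou": ["Sales"],
        "clearance": ["public"], "memberof": []},
    "cn=editors,ou=Groups,dc=example,dc=org": {
        "objectclass": ["groupOfNames"],
        "member": ["cn=Jane Doe,ou=GIS,dc=example,dc=org"]},
}
CLEARANCE_RANK = {"public": 0, "internal": 1, "confidential": 2}   # constructed ordering
EDITORS_GROUP = "cn=editors,ou=Groups,dc=example,dc=org"

def parse_dn(dn):
    """Split a dn into (type, value) RDN pairs. A backslash escapes the following
    character, so a comma inside a value does not split the dn (subset of RFC 4514)."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    pairs = []
    for rdn in parts:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def is_under(dn, base):
    """True if dn is base itself or lies in the subtree below it (case-insensitive values)."""
    d = [(t, v.lower()) for t, v in parse_dn(dn)]
    b = [(t, v.lower()) for t, v in parse_dn(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def escape_filter_value(value):
    """RFC 4515 escaping: '\\', '*', '(', ')' and NUL become \\XX hex sequences, so a
    caller-supplied value is always matched as data, never parsed as filter syntax."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def _unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(base, filter_str):
    """Subtree search for one equality filter '(attr=value)'; returns matching dns.
    Raw '*', '(' or ')' inside the value are rejected as malformed."""
    m = re.fullmatch(r"\((\w+)=([^()*]*)\)", filter_str)
    if not m:
        raise ValueError("unsupported or malformed filter")
    attr, wanted = m.group(1).lower(), _unescape_filter_value(m.group(2))
    return [dn for dn, attrs in DIRECTORY.items()
            if is_under(dn, base) and wanted in attrs.get(attr, [])]

def find_user(uid):
    """Look up exactly one person by uid; the uid is escaped before entering the filter."""
    hits = search("dc=example,dc=org", f"(uid={escape_filter_value(uid)})")
    return hits[0] if len(hits) == 1 else None

def authorize(uid, resource, action):
    """ABAC decision from the entry's attributes: the user's clearance must dominate the
    resource classification; 'write' additionally requires editors-group membership and
    that the user's ou owns the resource. Unknown users or actions are denied."""
    dn = find_user(uid)
    if dn is None:
        return False
    attrs = DIRECTORY[dn]
    user_rank = max((CLEARANCE_RANK.get(c, -1) for c in attrs.get("clearance", [])),
                    default=-1)
    if user_rank < CLEARANCE_RANK[resource["classification"]]:
        return False
    if action == "read":
        return True
    if action == "write":
        in_group = any(is_under(g, EDITORS_GROUP) for g in attrs.get("memberof", []))
        return in_group and resource["owner_ou"] in attrs.get("ou", [])
    return False

if __name__ == "__main__":
    layer = {"classification": "confidential", "owner_ou": "GIS"}   # constructed resource
    print(find_user("jdoe"), authorize("jdoe", layer, "write"), authorize("bsmith", layer, "read"))
```

The decision depends only on attribute values read from the directory, which is why the section stresses keeping the X.500 structure stable: if an attribute is renamed or moved, an ABAC rule that keys on it silently stops matching. The default of `False` for unknown users and unlisted actions keeps that failure mode a denial rather than a grant.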
10.5.5 XCBF (see [18])

The XML Common Biometric Format (XCBF) is an OASIS standard that defines cryptographic messages, based on a common set of XML encodings for the Common Biometric Exchange File Format (CBEFF), that allow the secure collection, distribution and processing of biometric information for the purpose of authentication. In particular, it allows the verification of identity based on human characteristics such as DNA, fingerprints, iris scans and hand geometry.

10.5.6 SAML (see [10])