Using Kerberos for authenticating the distribution of controlled substances, etc.

Jeffrey Altman jaltman at
Wed Jul 18 11:38:46 EDT 2007

At SOUPS the following real world scenario was raised.  In hospitals
there is a strong desire for single sign-on, but there are a number of
situations in which there is a requirement that multiple users perform
an "in person" authentication in order to prevent the abuse of
controlled substances or perhaps to verify that the correct body part
was in fact entered into the patient's chart.  Applications address
these regulatory requirements by prompting each user for their name and
password for each transaction.  This is separate authentication from the
name and password required for the initial authentication required for
starting the application.

When Single Sign-on replaced per-application logon, the cached single
sign-on credentials can be used for the authentication required when
starting the application but they must not be used for the multiple user
"in person" transaction authentications which are being used as a form
of signature that is recorded for audit compliance.

One serious question is how do we design the user experience such that
these multiple authentications can be performed for a single transaction
and ensure that the credentials retrieved for the transaction are
discarded after a single use.  Current single sign-on models as applied
to authentication and data confidentiality for network protocols do not
satisfactorily address this usage model.  We clearly do not want
individual applications to provide their own dialogs for prompting users
for Kerberos passwords or other secrets.

I do not have a proposal at the moment.  I am posting this primarily so
that people will think about the issue.

Jeffrey Altman
Secure Endpoints Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list