Shen: A Security Scheme for the World Wide Web

The shen proposal has a number of components:

Description of the ideas behind Shen and implementation details.
Source code is avaliable but at present has only been tested on a Sun and is known to fail on little endian machines (eg DECstation). Binaries are avaliable for Sun only.
The European release of Shen makes use of many subroutines taken from the Secude product. It is intended that future releases of Shen will provide the option of interfacing to the Secude key management facilities.
WIT Discussion
Discussion of security issues on the Web.

This work was funded by the European Union and CERN.

Other Documents of interest

CommerceNet Secure HTTP Proposal
MIME RFC1521, RFC1522
Multi-media Internet Mail Extensions
PEM: RFC 1421, RFC 1422, RFC 1423, RFC 1424
Privacy Enchanced Mail.
GSS: RFC-1508, RFC-1509
Generic Security Service
Certificate Scheme Requirements
Certificate handling scheme.
TAOS authentication
a system that has forwarding of credentials
An Extensible Framework for Authentication and Delegation
Proxy-Based Authorization and Accounting for Distributed Systems


The guiding philosophy behind this proposal has been to build as far as is possible on existing RFCs. In particular the PEM specifications. This is to encourage integrated mail, news and Web systems. It is envisaged that a common consensus for an interworking standard will be reached following Shen and other work on secure forms of HTTP for example by Tony Sanders of BSDi, and by the team at EIT.

Phillip M. Hallam-Baker CERN Programming Techniques Group
Version 1.0R2