PGP - Pretty Good Privacy
PGP is a practical utility for cryptography and digital signature
(certificate), based on the most modern, safe and efficient cryptography systems known.
PGP was originally created and developed by
Philip R. Zimmermann in 1991.
The U.S. Government acted against Phil Zimmermann, claiming violation of export
restrictions on PGP cryptography. Only in January 1996 did the U.S. Courts definitively
drop the legal case. In March of the same year, PGP Inc. was formed,
dealing with commercial versions of PGP, with Phil Zimmermann as CEO.
In December 1997, Network Associates Inc. (NAI) acquired the property of the PGP Inc.
company, and Phil stayed on with NAI as Senior Member to provide technical guidance
for PGP's continued development, and to ensure the integrity of the produced versions
(up to 7.0.3), free of back doors and with public release of complete source code.
In February 2001, he left NAI to move on to his own projects on protecting personal privacy.
Phil launched the OpenPGP Consortium, to facilitate interoperability of different
implementations of the OpenPGP standard.
In June 2002, PGP products and intellectual property were acquired from Network
Associates by a new company called PGP Corporation, where Zimmermann now serves
as special advisor and consultant. And Phil Zimmermann himself is now also a
PGP reseller.
- Pretty Good Privacy (PGP)
From Wikipedia, the free encyclopedia.
- International PGP Home Page - PGPi
Maintained by PGP activist Stale Schumacher, in an independent site in Norway
(www.ifi.uio.no/pgp/), also accessible as pgpi.com and pgpi.net.
Download International PGP Freeware.
Why do you need PGP? - by Phil Zimmermann.
- PGP Corporation
Pretty Good Privacy (PGP).
PGP Desktop Professional Technical Specifications -
Public Key Formats: OpenPGP (RFC 2440), X.509;
Public Key Algorithms: Diffie-Hellman (DH), DSS, RSA (v4 up to 4096-bit);
Symmetric Key Algorithms: AES (up to 256-bit), CAST, TripleDES, IDEA, Twofish;
Hashes: SHA-1, MD5, RIPEMD-160; Network Protocols: TLS/SSLv3, IKE, SECSH.
PGP Freeware from PGP Corporation.
PGP Europe.
- Phil Zimmermann's Home Page
Philip R. Zimmermann, the creator of Pretty Good Privacy (PGP).
Where to Get PGP.
- OpenPGP Alliance
OpenPGP is the most widely used email encryption standard in the world.
It is defined by the OpenPGP Working Group of the Internet Engineering Task
Force (IETF) Proposed Standard RFC 2440.
The OpenPGP Alliance is a growing group of companies and other
organizations that works to facilitate technical interoperability
and marketing synergy between OpenPGP implementations.
- An Open Specification for Pretty Good Privacy (openpgp) Charter, IETF
RFC 2440: OpenPGP Message Format, Nov 1998.
RFC 2440bis07: OpenPGP Message Format - IETF Draft, Mar 2003, expires Sep 2003.
IETF Open PGP mailing list.
- GnuPG - The GNU Privacy Guard
GnuPG is a complete and free replacement for PGP. Because it does not use
the patented IDEA algorithm, it can be used without any restrictions.
GnuPG is an RFC 2440 (OpenPGP) standard compliant application.
GnuPG is Free Software.
- gpg4Win
EMail-Security using GnuPG for Windows.
Project Gpg4Win provides an installer package for Windows with computer
programs and handbooks for e-mail and file encryption, including Windows
version of GnuPG, several front-ends and some documentation.
- PGP Freeware MIT Distribution
MIT distributes PGP Freeware without cost for personal, non-commercial use,
in cooperation with Philip Zimmermann, Network Associates, and with RSA Security.
This PGP distribution supports RSA public-key encryption technology.
PGP Freeware is distributed by MIT only to United States and Canada.
- Enigmail extension for Mozilla/Netscape
Enigmail is an extension to the mail client of Mozilla / Netscape 7.x which
allows users to access the authentication and encryption features provided by
the popular GnuPG software.
Enigmail is open source and dually-licensed under the GNU General Public
License (GPL) and the Mozilla Public License.
- WinPT: Windows Privacy Tools
Windows Privacy Tools (WinPT) is a collection of multilingual applications
for easy digital encryption and signing of content.
It's GnuPG-based, compatible with OpenPGP compliant software (like PGP)
and free for commercial and personal use under the GPL.
- GPG Shell
GPGshell is a graphical interface for GnuPG (GNU Privacy Guard).
It requires an already working installation of GnuPG v1.2.2,
since it does not have any cryptographic code itself.
GPGshell is Freeware.
- Site about PGP, in Portuguese:
Public key server, Tutorial, FAQ.
- PGP -- Pretty Good Privacy
- PGP Timeline and brief History, by Adam Back
- PGP public key servers:
- Google Directory: PGP
SSH - Secure Shell
- SSH - Secure Shell
By SSH Communications Security, also as ssh.com.
SSH Technical Corner:
SSH IETF Archive, Cryptography A-2-Z, IPsec Testing Zone, White Papers.
SSH Secure Shell.
Secure Shell Downloads:
SSH Secure Shell for Handhelds, Servers, Windows Servers, Workstations -
eCommerce (Online store), Evaluation, Non-commercial.
SSH Secure Shell for Workstations (Client):
Official download FTP site & mirrors.
- OpenSSH
OpenSSH is a FREE version of the SSH protocol suite of network
connectivity tools. It contains support for SSH1 and SSH2 protocols.
Also as openssh.org.
- Ssh (Secure Shell) FAQ
By Thomas König, 1997.
Mirrors: MIT FAQs, FAQs.org.
- Secure Shell (secsh) Charter - SSH protocol, IETF
- FreeSSH.org
SSH Resources. SSH Clients/Servers on Windows, Unix, Java and others.
- PuTTY: A Free Win32 Telnet/SSH Client
PuTTY is a free implementation of SSH, Telnet and Rlogin client for Win32 platforms,
along with an xterm terminal emulator. It is written and maintained primarily by
Simon Tatham. PuTTY Companion utilities: PSCP, Plink, Pageant and PuTTYgen.
Legal warning: Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries
where encryption is outlawed. Telnet-only binary (PuTTYtel) has unrestricted
use, since it uses no cryptography.
Download PuTTY Windows on Intel x86: HTML, FTP.
- Le Putty
"Le Putty" is an SSH suite for Windows based on the very popular Putty project,
but with added functionality that cannot be included in the regular Putty.
"Le Putty" should be as much as possible compatible with the original Putty.
Added features: z modem transfers, keep alive with plink (useful when using
plink for doing port forwarding), cleaned up command line options.
Brought to you by Nicolas Barry, proud supporter of vim.
SourceForge Project: leputty.
- WinSCP
WinSCP is a freeware SCP (Secure CoPy) client for Windows using SSH
(Secure SHell). Its main function is safe copying of files between
a local and a remote computer. Beyond this basic function, WinSCP manages
some other actions with files. By Martin Prikryl.
- SSHTools.com - Open Source SSH Toolkits for Java
SSHTools.com is dedicated to the open source development of Java enabled SSH
servers, client applications and development libraries. Hosted by SourceForge.net,
the site is the central resource for all the SSHTools open source projects.
SSHTools Sourceforge,
SourceForge Project:
SSHTools - Java SSH Solutions.
- FreSSH
FreSSH is a free implementation of the SSH communication protocol.
It is compact, modular, portable, and designed for security and performance.
It is a completely new implementation sharing no code with any other
implementation of the SSH communication protocol.
- SSHDOS
SSHDOS is a DOS port of SSH, SCP, SFTP and Telnet clients.
Needs a packet driver (or a PPP driver for dialup connection) only.
See WATTCP, Erick Engelke's free and
easy way to add TCP/IP connectivity to your DOS applications.
sshdos SourceForge Project.
- Google Directory: Internet Protocols: SSH
SSH Clients, Servers, Documentation. See also
Computer Security: Cryptography.
Cryptographic Tunneling in Networks
TLS - Transport Layer Security & SSL - Secure Sockets Layer
- SSL 3.0 Specification by Netscape
SSL - Secure Sockets Layer Protocol, specifications of this cryptography
protocol for secure transactions through the Web.
- CSI: Overview of SSL 3.0
Presentation by Jeff Treuhaft
Netscape Internet Developer Conference 1996 - Commerce and Security
Netscape Developer's Edge Archived Conference Materials.
- Planet SSL
RSA Security, Inc., Ronald L. Rivest. Developer Resources - Standards.
- OpenSSL Project
The Open Source toolkit for SSL/TLS
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide.
The project is managed by a worldwide community of volunteers via Internet.
- SSLeay
By
and .
- mod_SSL: The Apache Interface to OpenSSL
This module provides strong cryptography for the Apache webserver via
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols by the help of the Open Source SSL/TLS toolkit OpenSSL.
The mod_ssl package is licensed under a BSD-style licence,
which basically means that you are free to get and use it for commercial
and non-commercial purposes.
- Apache-SSL
Apache-SSL is a secure Webserver, based on Apache and SSLeay/OpenSSL.
It is licensed under a BSD-style licence, which means, in short,
that you are free to use it for commercial or non-commercial purposes.
Apache-SSL is different from mod_ssl.
- Phaos SSL Resource Center
- Transport Layer Security (tls) Charter, IETF
- RFC 2246 - The TLS Protocol, Version 1.0, January 1999
- Network Security Services (NSS) by Mozilla.org
SSL/TLS Module.
NSS - Mozilla Developer Center.
Virtual Private Network (VPN)
IPSec - IP Security
IPsec is a suite of cryptographic extensions to the normal TCP/IP
protocol suite. Before IPsec, applications had to handle their own
cryptography functions (like SSL for HTTP). With IPsec, this logic
can be pushed down to the network layer.
- Linux FreeS/WAN
Linux FreeS/WAN is a free implementation of IPSEC & IKE for Linux.
FreeS/WAN derives its name from S/WAN, which is a trademark in the
USA of RSA Data Security, Inc; used by permission.
- Zebedee: Secure IP tunnel
Zebedee is a simple program to establish an encrypted, compressed "tunnel"
for TCP/IP or UDP data transfer between two systems. This allows traffic
such as telnet, ftp and X to be protected from snooping as well as potentially
gaining performance over low-bandwidth networks from compression.
The main goals for Zebedee are to:
Provide full client and server functionality under both UNIX and Windows 32-bit.
Be easy to install, use and maintain with little or no configuration required.
Have a small footprint, low wire protocol overhead and give significant traffic
reduction by the use of compression.
Use only algorithms that are either unpatented or for which the patent has expired.
Be entirely free for commercial or non-commercial use and distributed under
the terms of the GNU General Public Licence.
- IP Security Protocol (ipsec) Charter, IETF
- IP Security (IPSEC) Resources
Theodore Ts'o (co-chair of the IPSEC working group), MIT
Minutes of the IPSEC Meetings from 1997 to 1998.
- IETF IP Security Working Group News (old)
Minutes of the IPSEC Meetings 1995.
- NIST IPsec Project
National Institute of Standards and Technology (NIST), USA.
NIST Cerberus, An IPsec Reference Implementation for Linux
(alternative link)
IP Security Web Based Interoperability Tester (IPsec-WIT),
NIST.
- advICE : Reference : Networking
Internet Security Systems Reference by Network ICE.
- KAME Project
KAME Project is a joint effort of seven companies in Japan
to provide a free IPv6 and IPsec (for both IPv4 and IPv6) stack
for BSD variants to the world.
OpenBSD IPSec FAQ.
NetBSD IPsec.
- IPSec RFCs and How-To
Maintained by Tina Bird.
- IPSec Developers Forum
- SSH Sentinel IPSec
By SSH Communications Security.
Cryptographic Hash & Message Digest
- MessageDigest Algorithms
By Wei Dai.
- File Fingerprints: The Goods, the Bads, and the Unknowns
Paper (PDF) by Simson L. Garfinkel, 2003.
- Authenticators and signatures
By prof. Daniel J. Bernstein,
Department of Mathematics, Statistics, and Computer Science, UIC.
Poly1305-AES: A state-of-the-art
message-authentication code.
- MSDN Library: Security - Cryptography - Hashing
- Digest:: - Perl Modules that calculate message digests
MD5, SHA1, HMAC, MD2.
- Microsoft File Checksum Integrity Verifier (FCIV) utility
The File Checksum Integrity Verifier (FCIV) is a command-prompt Windows
utility that computes and verifies cryptographic hash values of files.
FCIV can compute MD5 or SHA-1 cryptographic hash values. These values
can be displayed on the screen or saved in an XML file database for
later use and verification.
FCIV is freely provided by Microsoft support for download.
- HandyArchive Free Checksum Downloads
MD5 - Message Digest #5
- RFC-1321 - The MD5 Message-Digest Algorithm
By Ronald Rivest,
MIT Laboratory for Computer Science and RSA Data Security, April 1992.
Includes a Reference Implementation in C.
RSA intellectual property information on its MD algorithms.
- MD5 (Message-Digest algorithm 5)
From Wikipedia, the free encyclopedia.
- MD5 Homepage (unofficial)
Introduction and links to implementations for the message authentication
(data integrity validation) algorithm MD5 developed by prof. Ronald L. Rivest (MIT/RSA),
available for several programming languages:
C, C++, JavaScript, Miva, Perl, PHP, VB.
- RSA-MD5 Signature Suite - Version 1.0
By Philip A. DesAutels and Peter Lipp, W3C Digital Signature Initiative
(DSig).
- GNU Core Utilities - Coreutils
Formerly Textutils - GNU Project, FSF. Includes md5sum -
compute and validate MD5 message digest, besides sha1sum, cksum, sum,
and other common Unix text utilities.
Source-code download.
TextUtils for Windows @ GnuWin32.
Textutils for Solaris @ Sunfreeware & md5sum Information @ Sun - Solaris.
- MD5summer
Windows MD5 sum generator/validator with graphical interface.
Postcardware (if you like MD5summer, please send a postcard to the author).
- md5deep
md5deep is a cross-platform set of programs to compute MD5 message
digests or SHA-1 message digests on an arbitrary number of files.
The programs run on Windows, Linux, FreeBSD, OS X, Solaris, and should
run on most other platforms. md5deep is similar to the md5sum program
from GNU Coreutils package, but has additional features. Free.
- etree.org | md5sum.exe
md5sum console utility for Win32.
- Fast MD5 Implementation in Java
By Timothy W Macinta.
- MD5sums
By PC-Tools.Net. Freeware Windows console tools and utilities.
- WinMD5
Compute MD5 checksums on Win32 platforms. Supports drag and drop. Free software.
WinMD5 1.1 for Windows.
- MD5 Checksum Generator
For Windows, made in Delphi, available with source code.
SHA/SHS - Secure Hash Algorithms / Standard
The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash
functions. The most commonly used function in the family, SHA-1, is employed in
a large variety of popular security applications and protocols, including SSL,
PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an
earlier, widely-used hash function. The algorithms were designed by the National
Security Agency (NSA) and published as a US government standard.
(From Wikipedia)
- NIST Cryptographic Toolkit: Secure Hashing - SHS/SHA
Secure Hash Standard (SHS) &
Secure Hash Algorithms (SHA).
By National Institute of Standards and Technology (NIST)
- Computer Security Resource Center (CSRC), USA.
NIST CSRC Cryptographic
Algorithm Validation Program (CAVP).
- Secure Hash Signature Standard (SHS) - FIPS 180-2
This Standard specifies four secure hash algorithms - SHA-1, SHA-256,
SHA-384, and SHA-512 - for computing a condensed representation of
electronic data (message).
Federal Information Processing Standards (FIPS) Publication 180-2,
August 2002. Category: Computer Security Standard, Cryptography.
FIPS 180-1: SHA-1,
April 1997.
- SHA (Secure Hash Algorithm) hash functions
From Wikipedia, the free encyclopedia.
- sha.cpp Source File
SHA-2 C++ implementation by Wei Dai, modified from SHA-1 C implementation
by Steve Reid. Both are in the public domain.
Part of the Crypto++ Library,
by Wei Dai.
HMAC - Hash Message Authentication Code
Public-Key Cryptography
Public-Key Cryptography Standards (PKCS)
The Public-Key Cryptography Standards are specifications produced by RSA
Laboratories in cooperation with secure systems developers worldwide for the
purpose of accelerating the deployment of public-key cryptography. First
published in 1991 as a result of meetings with a small group of early adopters
of public-key technology, the PKCS documents have become widely referenced and
implemented. Contributions from the PKCS series have become part of many formal
and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.
Cryptographic Message Syntax (CMS)
- RFC 3369 - Cryptographic Message Syntax (CMS)
By R. Housley, RSA Laboratories, August 2002.
This document describes the new Cryptographic Message Syntax (CMS). This
syntax is used to digitally sign, digest, authenticate, or encrypt
arbitrary message content. This document obsoletes RFC 2630 and RFC 3211.
- RFC 3370 - Cryptographic Message Syntax (CMS) Algorithms
By R. Housley, RSA Laboratories, August 2002.
This document describes the conventions for using several cryptographic
algorithms with the Cryptographic Message Syntax (CMS).
- RFC 2630 - Cryptographic Message Syntax
By R. Housley, SPYRUS, June 1999.
This Cryptographic Message Syntax is derived from PKCS #7 version 1.5
as specified in RFC 2315 [PKCS#7]. Wherever possible, backward
compatibility was preserved.
- RFC 3274 - Compressed Data Content Type for Cryptographic Message Syntax (CMS)
By P. Gutmann, University of Auckland, June 2002.
S/MIME - Secure MIME
Secret-Key Cryptography
Advanced Encryption Standard (AES) & Rijndael
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen, selected
by NIST for the Advanced Encryption Standard (AES).
Protocols & Applications
- Security Protocols and Specifications
Cryptographic APIs, Secure Internet Protocols, Secure IP/Datagrams,
Random Number Generators, Certificates, Envelopes and MIME, Digital
Signing and Content Rating, Privacy Enhancement for Internet MAIL (PEM),
Public Key Exchange, Cryptographic Specifications, Public Source,
Other References, Privacy & Politics.
- advICE : Reference : Networking
Internet Security Systems Reference by Internet Security Systems (ISS,
formerly Network ICE).
- TechFest - Networking Protocols
By TechFest. Links of general information on networking protocols.
TCP/IP, IPv6 & NGI, Routing, IAN, ICMP, E-Mail (POP, IMAP, SMTP),
FTP, TFTP, Telnet, HTTP, HTML, UDP, PPP, SLIP, DNS, DHCP, SOCKS,
NNTP, NTP, LDAP, NHRP, MPLS, IP Multicast, RSVP, , diffserv, intserv,
IPSec, Firewalls, IP over ATM, Voice Over IP (VoIP), Multimedia,
OSI, FTAM, Netware IPX, AppleTalk, DECnet, Xerox XNS, Banyan Vines,
NETBIOS, SNA, DLS, VLANs, Bridging, Trunking / Link Aggregation, Jini.
- Cryptomak Cipher Tools
Cryptomak is a collection of PHP scripts for encryption and decryption
purposes. Cryptomak uses Phrame as its web application platform, which
implements the MVC (Model, View, Controller) design. At the view layer,
Cryptomak uses Smarty as its template engine.
Cryptomak live Demos
- Cipher: Simple Shift, Monoalphabetic Substitution, Columnar
Transposition, Vigenere Cipher, Permutation, Affine Cipher, Xoft Cipher,
Base64 Cipher - Tool: Frequency Distribution, Index of Coincidence.
HTTP Authentication
Kerberos
SOCKS
SOCKS is a generic proxy protocol for TCP/IP-based networking applications.
SOCKS includes two components, the SOCKS server and the SOCKS client. The
SOCKS server is implemented at the application layer. The SOCKS client is
implemented between applications and transport layer.
PAM - Pluggable Authentication Modules
- OpenPAM
OpenPAM is an open source PAM library that focuses on simplicity,
correctness, cleanliness, and portability. OpenPAM aims to gather the best
features of Solaris PAM, XSSO and Linux-PAM, plus some innovations of its own.
In areas where these implementations disagree, OpenPAM tries to remain
compatible with Solaris, at the expense of XSSO conformance and Linux-PAM
compatibility.
OpenPAM is an open-source implementation of the Sun PAM API,
developed by ThinkSec
under DARPA contract. OpenPAM currently implements the full PAM API as
specified in the X/Open Single Sign-on (XSSO) preliminary specification,
minus token mapping and secondary authentication (which are not part of
the original PAM API). It is intended to be source-code compatible with
Solaris 9 PAM.
SourceForge Project: OpenPAM.
- Solaris PAM (Pluggable Authentication Modules)
PAM allows integration of various authentication technologies such as UNIX,
Kerberos, RSA, smart cards and DCE into system entry services such as login,
passwd, rlogin, telnet, ftp, and su without changing any of these services.
PAM is integrated into the Solaris 2.6 release.
- Linux-PAM (Pluggable Authentication Modules) for Linux
Linux-PAM provides a flexible mechanism for authenticating users.
PAM was invented by Sun Microsystems.
SourceForge Project: PAM.
PAM for Apache.
- PAM (Pluggable Authentication Modules)
In Linux User Authentication HOWTO, Peter Hernberg, 2000.
- Authen::PAM
Authen::PAM is a Perl module which provides an interface to the PAM library.
By Nikolay Pelov.
Authen-PAM at CPAN, Perldoc Authen::PAM.
- Making Login Services Independent of Authentication Technologies
By Vipin Samar & Charlie Lai, Sun Microsystems.
Article on Pluggable Authentication Module (PAM) framework.
- Using LDAP & PAM for SSO Authentication
SAAS - Guide to using LDAP with PAM on Linux.
- Pam-list: Pluggable Authentication Modules List
PAM Discussion List Archive Mirror.
Single Sign-On (SSO)
- Single sign-on
From Wikipedia, the free encyclopedia.
- CoSign - Collaborative single sign-on
CoSign is an open source Web Single Sign-On, for secure,
intra-institutional web authentication.
Also as weblogin.org.
By University of Michigan.
- Central Authentication Service (CAS)
The JA-SIG Central Authentication Service was originally developed by
Yale University Information
Technology Services (ITS). It has since become a JA-SIG project.
Additional CAS client implementations available for Apache (MOD_CAS,
AuthCAS mod_perl), ISAPI (CCCI CAS agent), Java (J2SE, JSP, JSR-168
portlets, Spring/Acegi), ColdFusion, PAM, Perl, PHP (PHP client, Prado),
Ruby on Rails, uPortal, WebObjects, Zope (CASUserFolder).
- ESOE - Enterprise Sign On Engine
Integrated identity management, single sign on, authorization, federation and
accountability for enterprise resources access, in a very extensible manner.
The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's
engine is built around a reduced version of the OASIS XACML 2.0 standard
which they have called Lightweight XACML (LXACML).
ESOE is open source, licensed under Apache 2.0.
ESOE Users wiki:
Installation and Administration Documentation, Support and Mailing Lists,
Downloads.
- X/Open Single Sign-on Service (XSSO)
XSSO Architecture, XSSO Sign-on Services, Pluggable Authentication
Modules (PAM), XSSO Account Management Services.
- See:
Java APIs: Security: Single Sign-On (SSO)
Server Gateway Cryptography (SGC)
SET - Secure Electronic Transaction
The Secure Electronic Transaction (SET) Specification is an open technical
standard for the commerce industry, developed by Visa and MasterCard
as a way to facilitate secure payment card transactions over the Internet.
Digital Certificates create a trust chain throughout the transaction,
verifying cardholder and merchant validity.