A SINGLE SIGN-ON PROTOCOL FOR DISTRIBUTED WEB APPLICATIONS BASED ON STANDARD INTERNET MECHANISMS

Anke Thede, Andreas Geyer-Schulz, Julian Gantner

2004

Abstract

Growing e-commerce and personalized Web sites require users to set up many different personal accounts. Personal data has to be entered many times, and each user has to memorize many different username and password combinations. This reduces system security, as users tend either to choose passwords that are very easy to guess, to write them down, or to reuse the same password for many different accounts. It also increases the cost of administering the user accounts. We propose a protocol for a single sign-on system that allows users to visit multiple internet applications while logging in only once. The system is based on standard internet mechanisms. It is composed of different servers that provide authentication and authorization services, and it relies on cookie technology. The system is designed to be implemented in a heterogeneous environment with independent and diverse service providers. Communication between the servers is done via Web services. Additionally, plug-ins are available for other protocols that allow easy integration of existing authentication and authorization components. A prototype system is operational at the Schroff Stiftungslehrstuhl Information Services and Electronic Markets.


Paper Citation


in Harvard Style

Thede A., Geyer-Schulz A. and Gantner J. (2004). A SINGLE SIGN-ON PROTOCOL FOR DISTRIBUTED WEB APPLICATIONS BASED ON STANDARD INTERNET MECHANISMS. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 191-198. DOI: 10.5220/0001400201910198


in Bibtex Style

@conference{icete04,
author={Anke Thede and Andreas Geyer-Schulz and Julian Gantner},
title={A SINGLE SIGN-ON PROTOCOL FOR DISTRIBUTED WEB APPLICATIONS BASED ON STANDARD INTERNET MECHANISMS},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE},
year={2004},
pages={191-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001400201910198},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE
TI - A SINGLE SIGN-ON PROTOCOL FOR DISTRIBUTED WEB APPLICATIONS BASED ON STANDARD INTERNET MECHANISMS
SN - 972-8865-15-5
AU - Thede A.
AU - Geyer-Schulz A.
AU - Gantner J.
PY - 2004
SP - 191
EP - 198
DO - 10.5220/0001400201910198