Abstract
Authentication infrastructures have been around for many years now. They are very popular in big computing environments where scalability is a key requirement. In such environments, it is not very cost-efficient, from either an implementation or an administration point of view, to create a separate authentication system for every individual computer system, resource or application server. It is much better to outsource this functionality to an authentication “infrastructure”.
The outsourcing of authentication to a specialized infrastructure also enables the enforcement of a consistent authentication policy throughout the enterprise. Another major driver behind the creation of authentication infrastructures is single sign-on (SSO). In short, SSO is the ability for a user to authenticate once to a single authentication authority and then access other protected resources without reauthenticating. The Open Group defines SSO as the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.
This paper focuses on the architectural approaches one can take when designing an SSO solution for a large I.T. infrastructure and on the security technology building blocks that can be used to construct such an SSO infrastructure. This brief does not address the architecture of every SSO solution that is currently available on the software market. Many of them have a relatively small scope and only span a couple of applications, platforms or authentication methods.
References and Additional Reading
Burton Group Technical Position on “User Authentication”.
Richard E. Smith, “Authentication: From Passwords to Public Keys”, Addison-Wesley, ISBN 0-201-61599-1.
Burton Group Network Strategy Report on “Single Sign-on”.
Network Applications Consortium (NAC) Position Paper: “Enterprise-wide Security: Authentication and Single Sign-on”.
The Open Group, Security Forum on Single Sign-on: http://www.opengroup.org/security/l2-sso.htm.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
De Clercq, J. (2002). Single Sign-On Architectures. In: Davida, G., Frankel, Y., Rees, O. (eds) Infrastructure Security. InfraSec 2002. Lecture Notes in Computer Science, vol 2437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45831-X_4
DOI: https://doi.org/10.1007/3-540-45831-X_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44309-4
Online ISBN: 978-3-540-45831-9
eBook Packages: Springer Book Archive