Abstract
At present, network users have to manage one set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once and are logged into the services they subsequently use without further manual interaction. Several architectures for SSO have been developed, each with different properties and underlying infrastructures. This paper presents a taxonomy of these approaches and puts some of the SSO schemes, services and products into that context. This enables decisions about the design and selection of future approaches to SSO to be made within a more structured context; it also reveals some important differences in the security properties that can be provided by various approaches.
The author is sponsored by the State Scholarship Foundation of Greece.
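The abstract describes the core SSO property, a single primary authentication followed by access to several services with no further manual interaction, and notes that different architectures give different security guarantees. The following is an added illustration of that property and is not code from the paper; it does not reproduce the paper's taxonomy. It models one authentication service provider (ASP) that checks the user's password once and then issues signed, time-limited assertions each scoped to one service provider (SP); every SP verifies assertions with a key it shares with the ASP and never handles the password. The user record, the SP names, the shared keys and the assertion format are all assumptions made for this example.

```python
"""Toy 'authenticate once, use many services' flow (added example, not the paper's code).

An authentication service provider (ASP) verifies the user's password once and
issues an HMAC-signed, time-limited assertion scoped to one service provider
(SP).  Each SP checks the assertion with a key shared with the ASP and never
sees the password.  Names, keys and the assertion format are assumptions.
"""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed sample data: one shared key per SP and one salted-hash user record.
SP_KEYS = {"mail": secrets.token_bytes(32), "files": secrets.token_bytes(32)}
SALT = secrets.token_bytes(16)
USER_DB = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
SESSIONS: dict = {}  # session id -> user, held by the ASP only


def authenticate(user: str, password: bytes) -> Optional[str]:
    """The single primary authentication.  Returns an ASP session id or None."""
    stored = USER_DB.get(user)
    if stored is None:
        return None
    attempt = hashlib.pbkdf2_hmac("sha256", password, SALT, 100_000)
    if not hmac.compare_digest(attempt, stored):
        return None
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    return sid


def issue_assertion(sid: str, sp: str, now: float, ttl: int = 300) -> Optional[bytes]:
    """ASP step: turn an existing session into an SP-scoped assertion (no password involved)."""
    user = SESSIONS.get(sid)
    if user is None or sp not in SP_KEYS:
        return None
    claims = {"sub": user, "aud": sp, "iat": int(now), "exp": int(now) + ttl,
              "jti": secrets.token_hex(8)}  # jti: unique id so the SP can reject replays
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SP_KEYS[sp], body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_assertion(sp: str, assertion: bytes, now: float, seen: set) -> Optional[str]:
    """SP step: accept only a fresh, unseen assertion addressed to this SP with a valid MAC."""
    try:
        body, tag = assertion.rsplit(b".", 1)
    except ValueError:
        return None
    expected = hmac.new(SP_KEYS[sp], body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key (assertion meant for another SP) or tampered body
    claims = json.loads(body)
    if claims.get("aud") != sp or not (claims["iat"] <= now < claims["exp"]):
        return None  # wrong audience, not yet valid, or expired
    if claims["jti"] in seen:
        return None  # replayed assertion
    seen.add(claims["jti"])
    return claims["sub"]


def sso_demo() -> dict:
    """One password check, two services logged into, and the checks an SP must still make."""
    now = time.time()
    sid = authenticate("alice", b"correct horse")
    a_mail = issue_assertion(sid, "mail", now)
    a_files = issue_assertion(sid, "files", now)
    seen_mail, seen_files = set(), set()
    return {
        "bad_password": authenticate("alice", b"wrong") is None,
        "mail_ok": verify_assertion("mail", a_mail, now, seen_mail),
        "files_ok": verify_assertion("files", a_files, now, seen_files),
        # assertion issued for 'mail' presented to 'files': different key and audience
        "cross_sp_rejected": verify_assertion("files", a_mail, now, seen_files) is None,
        "replay_rejected": verify_assertion("mail", a_mail, now, seen_mail) is None,
        "expired_rejected": verify_assertion("mail", a_mail, now + 600, set()) is None,
    }


if __name__ == "__main__":
    print(sso_demo())
```

The audience binding, the expiry window and the replay set are what make the assertion safe to hand to a service: without them, an assertion captured at one SP could be presented at another, or reused after the session should have ended. Which party holds the session state and the keys is exactly where real SSO architectures differ, which is the point the paper's taxonomy organises.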
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pashalidis, A., Mitchell, C.J. (2003). A Taxonomy of Single Sign-On Systems. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_22
DOI: https://doi.org/10.1007/3-540-45067-X_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40515-3
Online ISBN: 978-3-540-45067-2
eBook Packages: Springer Book Archive