A Taxonomy of Single Sign-On Systems

At present, network users have to manage one set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once and are logged into the services they subsequently use without further manual interaction. Several architectures for SSO have been developed, each with different properties and underlying infrastructures. This paper presents a taxonomy of these approaches and puts some of the SSO schemes, services and products into that context. This enables decisions about the design and selection of future approaches to SSO to be made within a more structured context; it also reveals some important differences in the security properties that can be provided by various approaches.