2002 | OriginalPaper | Buchkapitel
Single Sign-On Architectures
verfasst von : Jan De Clercq
Erschienen in: Infrastructure Security
Verlag: Springer Berlin Heidelberg
Enthalten in: Professional Book Archive
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Authentication infrastructures have been around for many years now. They are very popular in big computing environments where scalability is a key requirement. In such environment, it’s not very cost-efficient from both an implementation and an administration point-of-view to create a separate authentication system for every individual computer system, resource or application server. It is much better to outsource this functionality to an authentication “infrastructure”.The outsourcing of authentication to a specialized infrastructure also enables the enforcement of a consistent authentication policy throughout the enterprise. Another major driver behind the creation of authentication infrastructures is single sign-on (SSO). In short, SSO is the ability for a user to authenticate once to a single authentication authority and then access other protected resources without reauthenticating. The Open Group defines SSO as the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.This paper focuses on the architectural approaches one can take when designing an SSO solution for a large I.T. infrastructure and on the security technology building blocks that can be used to construct such an SSO infrastructure. This brief does not address the architecture of every SSO solution that is currently available on the software market. Many of them have a relatively small scope and only span a couple of applications, platforms or authentication methods.