
A Taxonomy of Single Sign-On Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2727)

Abstract

At present, network users have to manage one set of authentication credentials (usually a username/password pair) for every service with which they are registered. Single Sign-On (SSO) has been proposed as a solution to the usability, security and management implications of this situation. Under SSO, users authenticate themselves only once and are logged into the services they subsequently use without further manual interaction. Several architectures for SSO have been developed, each with different properties and underlying infrastructures. This paper presents a taxonomy of these approaches and puts some of the SSO schemes, services and products into that context. This enables decisions about the design and selection of future approaches to SSO to be made within a more structured context; it also reveals some important differences in the security properties that can be provided by various approaches.

The author is sponsored by the State Scholarship Foundation of Greece.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pashalidis, A., Mitchell, C.J. (2003). A Taxonomy of Single Sign-On Systems. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_22


  • DOI: https://doi.org/10.1007/3-540-45067-X_22


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive
