Definition of Single Sign-On
In today's digital world, users access multiple systems to carry out their daily activities [1]. A Single Sign-On (SSO) mechanism can help solve the problems that come with holding separate credentials for different applications.
SSO can be defined as a mechanism that allows users to authenticate to mobile or web applications with a single username and password. This permits access to multiple applications that employ the same authentication provider. The mechanism is used for both authorization and authentication [2]. Authorization is the process of gaining access to a particular resource. Authentication is the process of verifying the user concerned. This deals with the concepts of integrity, confidentiality, availability and non-repudiation. SSO improves user and developer productivity by sparing the user from remembering multiple passwords. SSO also allows easy management of user rights, changes of function and quick integration of applications.
The primary advantage of SSO is that the user does not have to remember separate credentials for each application. The disadvantage of the SSO mechanism is that if a third party gains access to any website that is integrated through such protocols, then the entire system becomes insecure to use.
In this kind of mechanism, the user registers with the IDP (identity provider) in order to receive OpenID credentials. Suppose the user then wants to access Web Application A: the application redirects the user to the IDP. If the user wants access to Web Application B, a request is sent to Web Application B [3]. On receiving the request, Web Application B goes to the identity provider and checks whether the user is active or not. If the user is found to be active, Web Application B allows access automatically. The other web applications follow the same process. Web Application A does not know about what happens in Web Application B, and vice versa.
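The flow described above, sketched as an added example that is not part of the original essay: a toy IDP issues a signed, short-lived assertion per application, and each application accepts only assertions addressed to itself. The per-application HMAC keys, the application names and the token layout are assumptions made for illustration; real deployments use the protocol's own signed messages.

```python
import base64, hashlib, hmac, json, time

# Assumption: one constructed demo key per application, known to the IDP and that app only.
KEYS = {"app-a": b"constructed-key-a", "app-b": b"constructed-key-b"}

class IdentityProvider:
    """Toy IDP: tracks which users are active and issues per-application assertions."""
    def __init__(self):
        self.active = set()

    def login(self, user):
        self.active.add(user)

    def logout(self, user):
        self.active.discard(user)

    def issue(self, user, audience, ttl=300, now=None):
        key = KEYS.get(audience)
        if key is None or user not in self.active:
            return None  # unknown app or no active session: user must log in at the IDP
        now = time.time() if now is None else now
        body = json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode()
        sig = hmac.new(key, body, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(body).decode() + "."
                + base64.urlsafe_b64encode(sig).decode())

def accept(token, audience, now=None):
    """Application-side check: signature, then audience and expiry. Returns user or None."""
    key = KEYS.get(audience)
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, AttributeError):
        return None  # malformed token
    if key is None or not hmac.compare_digest(
            sig, hmac.new(key, body, hashlib.sha256).digest()):
        return None  # not signed by the IDP for this application
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return None  # addressed to another application, or expired
    return claims.get("sub")
```

An assertion issued for Web Application A is rejected by Web Application B, which is how the two applications stay unaware of each other while trusting the same IDP.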
There are two types of Single Sign-On systems: Simple SSO and Complex SSO.
Simple SSO – This covers a single authentication authority. It can be implemented within a homogeneous LAN or intranet in which the machines run the same OS and trust the same authentication authority.
Complex SSO – This covers multiple authentication authorities [4]. It is implemented across different platforms and is therefore governed by different organisations. It can be implemented on either an extranet or the Internet.
Different protocols are used in SSO mechanisms, such as OpenID, BrowserID, Kerberos and SAML.
OpenID is a decentralized authentication scheme for SSO. Users can choose a trusted OpenID server with which to register themselves. Three parties are involved in the OpenID mechanism [5]: the Service Provider (SP), the OpenID Provider (OP) and the user.
SAML is an XML message format that defines a protocol specification by which two servers share authentication information [6]. The protocol makes use of web infrastructure, in which XML data moves over HTTP on TCP/IP networks. In SAML, the SP and IDP exchange messages through the user's browser. The IDP validates the user's username and password [7]. If the credentials are found to be correct, it sends back a SAML authentication response.
BrowserID offers one-time log-in to different websites and services tied to an e-mail address. The primary idea is that the user remembers only a single e-mail address instead of several [8]. The primary advantages of BrowserID are ease of use, cross-browser implementation, decentralization, security and an improved experience in future browsers. It also respects the user's privacy. BrowserID employs e-mail addresses, which allows a site to use BrowserID without any additional information. BrowserID is an experimental project of Mozilla Labs, a new and not yet fully defined service [9]. It is primarily developed for the Mozilla browser.
Kerberos is an authentication system that was primarily designed by Clifford Neuman and Steve Miller. It was built for Project Athena at MIT [10]. Kerberos employs a trusted third party, a middle-man server that is used for authentication. The authentication system is based on the Needham-Schroeder protocol [11]. Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network.
The security issues involved in SAML and OpenID are man-in-the-middle attacks, phishing and session-related attacks. Two common forms of phishing attack are Phishing OP Page and Realm Spoofing.
The other forms of phishing attacks within Kerberos are as follows. In an infrastructure supported by Kerberos, user login credentials are stored on the central server, so every login credential migrates from the local machines to that centrally located server. If an attacker gains access to the central server, the entire infrastructure is put under serious threat.
Conclusion
Based on the discussion in this research paper, it can be concluded that Single Sign-On is an easy and secure process, based on the reduction to one account per user for different kinds of services, central management of roles and of the number of passwords, and the definition of resources for access control. The mechanism is beneficial for end-users, help-desk staff and administrators. SSO will gain importance with the emerging need for cloud computing technology that provides different forms of ICT-based services. It also reduces the chances of phishing attacks. Because SSO provides access with a single login, it should be implemented in a highly secure manner. SSO mechanisms have their own strengths and limitations. Hence, each user should carefully assess its use within the system and the resources available for deployment and management before choosing an SSO solution, since it can create a huge vulnerability in an organisation's security if it is not implemented properly. OpenID in Single Sign-On is used only for authentication. This is used for connecting both authorization and authentication. Additionally, as the number of credentials increases, the chance of losing them also increases. Although there are many kinds of attacks on the system, such as man-in-the-middle attacks, session attacks and phishing attacks, improved security within the mechanism can mitigate the impact of such attacks.
References